CVE

Id
114  
CVE No.
CVE-1999-0114  
Status
Candidate  
Description
Local users can execute commands as other users, and read other users" files, through the filter command in the Elm elm-2.4 mail package using a symlink attack.  
Phase
Modified (20000106-01)  
Votes
ACCEPT(7) Armstrong, Bishop, Blake, Cole, Landfield, Shostack, Wall | MODIFY(2) Baker, Frech | NOOP(3) Christey, Northcutt, Ozancin | REVIEWING(1) Levy  
Comments
Frech> XF:elm-filter2 | CHANGE> [Wall changed vote from NOOP to ACCEPT] | Landfield> with Frech modifications | Baker> ADD REF http://www.cert.org/ftp/cert_bulletins/VB-95:10a.elm Official Advisory | Christey> The correct URL is http://www.cert.org/vendor_bulletins/VB-95:10a.elm | Need to make sure that this CERT advisory describes the right | problem, especially since the CERT advisory is dated December | 18, 1995 and the original Bugtraq post was December 26, 1995. | Christey> BID:1802 | URL:http://www.securityfocus.com/bid/1802 | BID:1802 doesn"t include the 1999 posting - does Security | Focus think that the 1999 post describes a different | vulnerability? | Christey> XF:elm-filter2 isn"t on the X-Force web site. How about XF:elm-filter(402) ? | Its references point to the December 26, 1995 BUgtraq post. | | Also consider CIAC:G-36 and CERT:VB-95:10 | Frech> DELREF:XF:elm-filter2(711) | ADDREF:XF:elm-filter(402)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
318 114 CVE-1999-0114 BUGTRAQ:19990912 elm filter program  View
319 114 CVE-1999-0114 BUGTRAQ:19951226 filter (elm package) security hole  View

Related JVN