CVE Vulnerabilities

CVE-1999-1299

Published: Feb 03, 1997 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

rcp on various Linux systems including Red Hat 4.0 allows a nobody user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.

Affected Software

Name Vendor Start Version End Version
Slackware_linux Slackware 3.1 3.1
Linux Redhat 4.0 4.0

References