RCE in Bsdi Bsd_os

CVE-1999-0043

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.448 (98.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Bsdi Bsd_os — versions 2.1
Caldera Openlinux — versions 1.0
Isc Inn — versions 1.4sec, 1.4sec2, 1.4unoff3
Nec Goah_intrasv — versions 1.1
Nec Goah_networksv — versions 1.2, 2.2, 3.1
Netscape News_server — versions 1.1
Redhat Linux — versions 4.0, 4.1
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-1999-0043?: CVE-1999-0043 is a critical-severity vulnerability in Bsdi Bsd_os, classified under OS Command Injection. CVSS score: 9.8/10. Published 1996-12-04.
How severe is CVE-1999-0043?: Critical severity. CVSS v3 base score is 9.8 out of 10.