Vulnerability in Cde

CVE-1999-0691

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

EPSS: 0.008 (52.9th percentile) — read the EPSS interpretation.

Affected products

Cde — versions 1.0.1, 1.0.2, 1.1
Digital Unix — versions 4.0d, 4.0e, 4.0f
Ibm Aix — versions 4.1, 4.1.1, 4.1.2
Sun Solaris — versions 2.4, 2.5.1, 2.6
Sun Sunos — versions 5.4, 5.5, 5.5.1
N/a — versions n/a

Public proof-of-concept exploits

truefinder/truefinder

References

cve@mitre.org (signature, x_refsource_OVAL, vdb-entry)
cve@mitre.org (x_refsource_HP, vendor-advisory)
cve@mitre.org (vendor-advisory, x_refsource_SUN)
cve@mitre.org (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-1999-0691?: CVE-1999-0691 is a vulnerability in Cde. Published 1999-09-13.
Is CVE-1999-0691 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.