CVE-1999-0433
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/03/1999
Last modified:
03/04/2025
Description
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:* | ||
| cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page