CVE Catalog
CVE-1999-1486
LowExploitation Probability (EPSS)
Low risk0.31%
22th percentile — higher than 22% of all known CVEs
Summary
The vulnerability in the sadc program on IBM AIX 4.1 through 4.3 allows local users to overwrite arbitrary files via a symlink attack when called from programs like timex that have the setgid bit set to adm.
Risk Assessment
An attacker could exploit this vulnerability to overwrite critical system files, potentially leading to data loss or system instability.
Recommendation
It is recommended to restrict access to setgid programs and to monitor and update the system to the latest version to minimize risk.
Original NVD description (English source)
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

