CVE Catalog

CVE-1999-1486

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

The vulnerability in the sadc program on IBM AIX 4.1 through 4.3 allows local users to overwrite arbitrary files via a symlink attack when called from programs like timex that have the setgid bit set to adm.

Risk Assessment

An attacker could exploit this vulnerability to overwrite critical system files, potentially leading to data loss or system instability.

Recommendation

It is recommended to restrict access to setgid programs and to monitor and update the system to the latest version to minimize risk.

Original NVD description (English source)

sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS