Skip to content

Commit 2ef124e

Browse files
committed
add: AVE-1999-0997
1 parent bf6af5b commit 2ef124e

1 file changed

Lines changed: 24 additions & 0 deletions

File tree

vulns/1999/AVE-1999-0997.toml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
[basic]
2+
description = "适用于 Linux 平台的 Internet Security Scanner (ISS) 5.3 版本的 install.iss 安装脚本在处理临时文件时存在不安全操作缺陷,未对临时文件路径进行充分校验。本地攻击者可通过符号链接(symlink)攻击将临时文件链接至目标系统文件,从而在安装过程中修改任意文件权限,实现本地权限提升。该漏洞影响 ISS 5.3 for Linux 版本,CVSS 评分 7.2,危害等级高。"
3+
published = "1999-02-20T05:00:00.000"
4+
remediation = "安装前手动删除临时文件 `/tmp/iss.install` 并检查是否为符号链接;修改 install.iss 脚本使用 `mktemp` 创建临时文件,避免使用可预测路径;以非 root 用户执行安装程序,降低提权风险。"
5+
score = 7.2
6+
severity = "HIGH"
7+
sources = ["cve"]
8+
title = "ISS Internet Security Scanner 5.3 安装脚本本地文件权限提升漏洞"
9+
updated = "2026-06-16T21:49:51.903"
10+
11+
[exploit]
12+
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-1999-1168"]
17+
ave_id = "AVE-1999-0997"
18+
19+
[meta]
20+
collected_at = "2026-07-14T00:00:00Z"
21+
status = "completed"
22+
23+
[references]
24+
urls = ["http://www.securityfocus.com/archive/1/12640"]

0 commit comments

Comments
 (0)