Skip to content

Commit b7f8731

Browse files
committed
add: AVE-2018-0029
1 parent 2b861ea commit b7f8731

1 file changed

Lines changed: 18 additions & 20 deletions

File tree

vulns/1999/AVE-1999-0216.toml

Lines changed: 18 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,35 @@
11
[id]
22
ave_id = "AVE-1999-0216"
3-
cve_id = "CVE-1999-0034"
4-
aliases = ["CVE-1999-0034"]
3+
cve_id = "CVE-1999-0894"
4+
aliases = ["CVE-1999-0894"]
55

66
[basic]
7-
title = "多个Unix系统Perl suidperl本地缓冲区溢出漏洞"
8-
description = "Perl 4.x和5.x中的suidperl(sperl)程序存在缓冲区溢出漏洞。当该程序以setuid root方式安装时,本地攻击者可利用溢出漏洞提升权限至root,完全控制受影响的系统。受影响系统包括BSD/OS 2.1/3.0、RedHat Linux 4.0/4.1、SGI Freeware 1.0/2.0以及Larry Wall Perl 5.0.3等。攻击者通过精心构造的数据触发缓冲区溢出,从而以root权限执行任意代码。"
9-
severity = "HIGH"
10-
score = 7.2
11-
remediation = "升级Perl至最新版本,或移除suidperl程序的SUID权限位。同时限制本地用户对受影响系统的访问权限。"
12-
published = "1997-05-29"
7+
title = "Red Hat Linux screen 程序未使用 Unix98 pty 导致本地用户可写入其他终端"
8+
description = "Red Hat Linux 系统中 bundled 的 screen 程序未使用 Unix98 ptys(伪终端),而是使用了传统终端模式,导致本地用户能够向其他用户的终端设备写入数据。攻击者可通过此漏洞向其他终端会话发送任意内容,实现信息窃取或命令注入,破坏系统完整性和机密性。该漏洞影响 Red Hat Linux 发行版中的 screen 程序,利用需要本地系统访问权限。"
9+
severity = "CRITICAL"
10+
score = 10.0
11+
cvss_v2 = 10.0
12+
cvss_v2_vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C"
13+
published = "2000-01-04"
1314
updated = "2026-06-16"
14-
sources = ["nvd", "exploitdb"]
15+
sources = ["redhat", "nvd"]
16+
remediation = "升级 Red Hat Linux 系统中的 screen 软件包至包含 Unix98 pty 支持的修复版本,或应用 Red Hat 提供的官方安全补丁。作为临时缓解措施,限制不可信用户的本地登录权限,并监控异常的终端写入行为。"
1517

1618
[affected]
17-
vendor = "Perl"
18-
product = "suidperl"
19+
vendor = "Red Hat"
20+
product = "Red Hat Linux"
1921

2022
[references]
2123
urls = [
22-
"https://nvd.nist.gov/vuln/detail/CVE-1999-0034",
23-
"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034",
24-
"https://www.exploit-db.com/exploits/19547",
25-
"https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19547.tgz"
24+
"https://nvd.nist.gov/vuln/detail/CVE-1999-0894",
25+
"https://access.redhat.com/security/cve/CVE-1999-0894",
26+
"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0894"
2627
]
2728

2829
[exploit]
2930
poc_urls = []
30-
exp_urls = [
31-
"https://www.exploit-db.com/exploits/19547",
32-
"https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19547.tgz"
33-
]
31+
exp_urls = []
3432

3533
[meta]
3634
status = "completed"
37-
collected_at = "2026-07-11T12:00:00Z"
35+
collected_at = "2026-07-11T00:00:00Z"

0 commit comments

Comments
 (0)