|
1 | 1 | [id] |
2 | 2 | ave_id = "AVE-1999-0216" |
3 | | -cve_id = "CVE-1999-0034" |
4 | | -aliases = ["CVE-1999-0034"] |
| 3 | +cve_id = "CVE-1999-0894" |
| 4 | +aliases = ["CVE-1999-0894"] |
5 | 5 |
|
6 | 6 | [basic] |
7 | | -title = "多个Unix系统Perl suidperl本地缓冲区溢出漏洞" |
8 | | -description = "Perl 4.x和5.x中的suidperl(sperl)程序存在缓冲区溢出漏洞。当该程序以setuid root方式安装时,本地攻击者可利用溢出漏洞提升权限至root,完全控制受影响的系统。受影响系统包括BSD/OS 2.1/3.0、RedHat Linux 4.0/4.1、SGI Freeware 1.0/2.0以及Larry Wall Perl 5.0.3等。攻击者通过精心构造的数据触发缓冲区溢出,从而以root权限执行任意代码。" |
9 | | -severity = "HIGH" |
10 | | -score = 7.2 |
11 | | -remediation = "升级Perl至最新版本,或移除suidperl程序的SUID权限位。同时限制本地用户对受影响系统的访问权限。" |
12 | | -published = "1997-05-29" |
| 7 | +title = "Red Hat Linux screen 程序未使用 Unix98 pty 导致本地用户可写入其他终端" |
| 8 | +description = "Red Hat Linux 系统中 bundled 的 screen 程序未使用 Unix98 ptys(伪终端),而是使用了传统终端模式,导致本地用户能够向其他用户的终端设备写入数据。攻击者可通过此漏洞向其他终端会话发送任意内容,实现信息窃取或命令注入,破坏系统完整性和机密性。该漏洞影响 Red Hat Linux 发行版中的 screen 程序,利用需要本地系统访问权限。" |
| 9 | +severity = "CRITICAL" |
| 10 | +score = 10.0 |
| 11 | +cvss_v2 = 10.0 |
| 12 | +cvss_v2_vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C" |
| 13 | +published = "2000-01-04" |
13 | 14 | updated = "2026-06-16" |
14 | | -sources = ["nvd", "exploitdb"] |
| 15 | +sources = ["redhat", "nvd"] |
| 16 | +remediation = "升级 Red Hat Linux 系统中的 screen 软件包至包含 Unix98 pty 支持的修复版本,或应用 Red Hat 提供的官方安全补丁。作为临时缓解措施,限制不可信用户的本地登录权限,并监控异常的终端写入行为。" |
15 | 17 |
|
16 | 18 | [affected] |
17 | | -vendor = "Perl" |
18 | | -product = "suidperl" |
| 19 | +vendor = "Red Hat" |
| 20 | +product = "Red Hat Linux" |
19 | 21 |
|
20 | 22 | [references] |
21 | 23 | urls = [ |
22 | | - "https://nvd.nist.gov/vuln/detail/CVE-1999-0034", |
23 | | - "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034", |
24 | | - "https://www.exploit-db.com/exploits/19547", |
25 | | - "https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19547.tgz" |
| 24 | + "https://nvd.nist.gov/vuln/detail/CVE-1999-0894", |
| 25 | + "https://access.redhat.com/security/cve/CVE-1999-0894", |
| 26 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0894" |
26 | 27 | ] |
27 | 28 |
|
28 | 29 | [exploit] |
29 | 30 | poc_urls = [] |
30 | | -exp_urls = [ |
31 | | - "https://www.exploit-db.com/exploits/19547", |
32 | | - "https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19547.tgz" |
33 | | -] |
| 31 | +exp_urls = [] |
34 | 32 |
|
35 | 33 | [meta] |
36 | 34 | status = "completed" |
37 | | -collected_at = "2026-07-11T12:00:00Z" |
| 35 | +collected_at = "2026-07-11T00:00:00Z" |
0 commit comments