published date: September 1, 1997

CVE-1999-1139 : Character-Terminal User Environment (CUE)...

Description

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Product(s):

HP-UX
HP-UX family of operating systems
HP HP-UX 10.00
HP HP-UX 10.01
HP HP-UX 10.2
HP HP-UX 10.3
HP HP-UX 10.8
HP HP-UX 10.9
HP HP-UX 10.10
HP HP-UX 10.16
HP HP-UX 10.20
HP HP-UX 10.24
HP HP-UX 10.26
HP HP-UX 10.30
HP HP-UX 10.34
HP HP-UX 10
HP-UX 11.00
HP-UX 11 family
HP HP-UX 7.0
HP HP-UX 7.2
HP HP-UX 7.4
HP HP-UX 7.6
HP HP-UX 7.8
HP HP-UX 8.0
HP HP-UX 8.1
HP HP-UX 8.02
HP HP-UX 8.4
HP HP-UX 8.5
HP HP-UX 8.06
HP HP-UX 8.7
HP HP-UX 8.8
HP HP-UX 8.9
HP HP-UX 8
HP HP-UX 9.0
HP HP-UX 9.01
HP HP-UX 9.3
HP HP-UX 9.4
HP HP-UX 9.05
HP HP-UX 9.6
HP HP-UX 9.7
HP HP-UX 9.8
HP HP-UX 9.9
HP HP-UX 9.10
HP HP-UX 9

CVSS:7.2 [Critical]
EPSS:0.05%
Exploitability:3.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-1999-1139, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-1999-1139 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-1999-1139

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales