Product

About

Free Cyber Assessment

published date: December 19, 1996

CVE-1999-1385 : Buffer Overflow Vulnerability

Description

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

Product(s):

FreeBSD
FreeBSD 0.4_1
FreeBSD 1.0
FreeBSD 1.1.5.1
FreeBSD 1.1.5
FreeBSD 1.1
FreeBSD 1.2
FreeBSD 1.5
FreeBSD 2.0.1
FreeBSD 2.0.5
FreeBSD 2.0
FreeBSD 2.1.0
FreeBSD 2.1.5
FreeBSD 2.1.6.1
FreeBSD 2.1.6
FreeBSD 2.1

CVSS:7.2 [Critical]
EPSS:0.05%
Exploitability:3.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-1999-1385, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-1999-1385 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-1999-1385

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales