Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-1999-1405

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.

  • Published: Feb 17, 1999
  • Updated: Apr 13, 2023
  • CVE: CVE-1999-1405
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
ibm / aix 4.2.1 4.2.1.x
ibm / aix 3.2.5 3.2.5.x
ibm / aix 4.1.4 4.1.4.x
ibm / aix 4.2 4.2.x
ibm / aix 4.1.5 4.1.5.x
ibm / aix 4.1.2 4.1.2.x
ibm / aix 4.1 4.1.x
ibm / aix 4.1.3 4.1.3.x