CVE-1999-1554 : /usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail

/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.

Published 1990-10-31 05:00:00

Updated 2008-09-05 20:19:48

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-1999-1554

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-1999-1554

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-1999-1554

http://www.iss.net/security_center/static/3164.php
http://www.securityfocus.com/bid/13

Patch;Vendor Advisory
http://www.cert.org/advisories/CA-1990-08.html

Patch;Third Party Advisory;US Government Resource

Products affected by CVE-1999-1554

SGI » Irix » Version: 3.3.1
cpe:2.3:o:sgi:irix:3.3.1:*:*:*:*:*:*:*
Matching versions
SGI » Irix » Version: 3.3
cpe:2.3:o:sgi:irix:3.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-1999-1554

Exploit prediction scoring system (EPSS) score for CVE-1999-1554

CVSS scores for CVE-1999-1554

References for CVE-1999-1554

Products affected by CVE-1999-1554