CVE-1999-0138

Description

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Affected products

• Apple / a_ux3.1.1 – 3.1.1
• digital / osf_11.3 – 1.3
• FreeBSD / FreeBSD2.0 – 2.0
• FreeBSD / FreeBSD2.0.5 – 2.0.5
• FreeBSD / FreeBSD2.1.0 – 2.1.0
• HP / hp-ux8 – 8
• HP / hp-ux9 – 9
• HP / hp-ux10 – 10
• ibm / aix3.2.5 – 3.2.5
• ibm / aix4 – 4
• Linux / Linux kernel1.2.0 – 1.2.0
• Linux / Linux kernel2.0 – 2.0
• NEC / asl_ux_4800
• NEC / ews-ux_v4.2 – 4.2
• NEC / ews-ux_v4.2mp – 4.2mp
• NEC / up-ux_v4.2mp – 4.2mp

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0138