CVE-1999-0433

Published: Mar 21, 1999Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Affected (14)

Products: Xfree86 Project: X11r6 · Netbsd: Netbsd · Redhat: Linux · +2 more

Show all products

Xfree86 Project: X11r6 · Netbsd: Netbsd · Redhat: Linux · Slackware: Slackware Linux · Suse: Suse Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xfree86 Project X11r6	Version 3.3.3

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Netbsd Netbsd	Version 1.3.2
Netbsd Netbsd	Version 1.3.3
Redhat Linux	Version 5.1
Redhat Linux	Version 5.2
Slackware Slackware Linux	Version 3.3
Slackware Slackware Linux	Version 3.4
Slackware Slackware Linux	Version 3.5
Slackware Slackware Linux	Version 3.6
Slackware Slackware Linux	Version 4.0
Suse Suse Linux	Version 5.1
Suse Suse Linux	Version 5.2
Suse Suse Linux	Version 6.0
Suse Suse Linux	Version 6.1

References (2)

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.