CVE-1999-1496
LowExploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
Sudo version 1.5 on Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates different error messages when the file does not exist.
Risk Assessment
The ability to determine file existence may lead to information disclosure about the file system structure, increasing the risk of system attacks.
Recommendation
It is recommended to update Sudo to a newer version that addresses this vulnerability and to restrict Sudo access for local users.
Original NVD description (English source)
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

