CVE Catalog

CVE-1999-1496

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile — higher than 40% of all known CVEs

Summary

Sudo version 1.5 on Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates different error messages when the file does not exist.

Risk Assessment

The ability to determine file existence may lead to information disclosure about the file system structure, increasing the risk of system attacks.

Recommendation

It is recommended to update Sudo to a newer version that addresses this vulnerability and to restrict Sudo access for local users.

Original NVD description (English source)

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS