CVE Catalog

CVE-1999-1554

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

34th percentile — higher than 34% of all known CVEs

Summary

The Mail service on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, allowing local users to read the mail of other users.

Risk Assessment

This vulnerability poses a privacy risk as local users can access confidential information of other users.

Recommendation

It is recommended to update the system to the latest version that fixes group ID management in the Mail service.

Original NVD description (English source)

/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS