What is CVE-1999-1162?

CVE-1999-1162 is a publicly disclosed cybersecurity vulnerability with a MEDIUM severity rating and CVSS score of 6.4.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-1999-1162

MEDIUM6.4/ 10.0

Published: May 24, 1993 at 04:00 AM

Modified: April 3, 2025 at 01:03 AM

Source: cve@mitre.org

Vulnerability Description

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

CVSS Metrics

Base Score

6.4

Severity

MEDIUM

Vector String

AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses (CWE)

NVD-CWE-Other

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

SCO UNIX 4.0 and earlier systems are vulnerable to a denial-of-service (DoS) attack via the passwd utility, preventing legitimate users from logging in. This vulnerability stems from a flaw in how passwd handles user authentication, allowing attackers to manipulate the system's password database and effectively lock out users. The impact is system unavailability and potential disruption of critical services.

02 // Vulnerability Mechanism

Step 1: Vulnerability Trigger: An attacker interacts with the passwd utility, potentially through a crafted input or a sequence of commands.

Step 2: Password Database Manipulation: The attacker's input exploits a flaw in passwd's logic, leading to the corruption or modification of the password database (e.g., /etc/passwd or shadow password files).

Step 3: Login Failure: Legitimate users attempting to log in are unable to authenticate because of the corrupted password database. The system either rejects their credentials or fails to process the authentication request.

Step 4: Denial of Service: The system becomes unusable for legitimate users, resulting in a DoS condition.

03 // Deep Technical Analysis

The vulnerability lies within the passwd utility in SCO UNIX 4.0 and earlier. The exact mechanism is not explicitly detailed in the CVE description, but the impact suggests a flaw in how passwd interacts with the user authentication process. It likely involves a manipulation of the password database, potentially corrupting or locking user accounts. This could be achieved through a variety of methods, such as exploiting a race condition during password updates, a format string vulnerability when handling user input, or a simple logic error that allows unauthorized modification of the password file. Without more specific details, it's impossible to pinpoint the exact root cause, but the outcome is a DoS by preventing valid logins.