Remote File Existence Disclosure in Linux and Ultrix via rpc.mountd
CVE-1999-1225

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd; Ultrix; Solaris; Linux Kernel
Vendor: CVE Published:; 24 August 1997

What is CVE-1999-1225?

The rpc.mountd service on Linux and Ultrix operating systems is susceptible to a vulnerability that allows remote attackers to infer the existence of specific files on the server. By sending mount requests for files, attackers can trigger distinct error messages based on the presence or absence of those files. This information leak can be exploited to gather sensitive information regarding the server's file structure, potentially leading to further exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/347

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/7526

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Aug 24, 1997

CVE-1999-1225 Data

JSON

Netbsd

What is CVE-1999-1225?

References

Timeline