VYPR
Unrated severity · NVD Advisory · Published Feb 25, 1998 · Updated Apr 16, 2026

CVE-1999-1486

Description

A symlink vulnerability in sadc on IBM AIX 4.1-4.3 allows local users to overwrite arbitrary files via setgid adm programs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The sadc utility in IBM AIX versions 4.1 through 4.3, when invoked by setgid adm programs such as timex, is vulnerable to a symlink attack. sadc performs its file operations without proper checks, so a symbolic link that a local user has created to an arbitrary file is followed when sadc writes.

Exploitation

A local attacker who can run the setgid adm program (e.g., timex) can exploit this by creating a symbolic link at the path that sadc intends to write to, pointing to an arbitrary file on the system. The attacker must have local access and the ability to create symlinks.

Impact

Successful exploitation allows the attacker to overwrite arbitrary files on the system, potentially leading to privilege escalation or denial of service by corrupting critical system files.

Mitigation

IBM released fixes for this issue via APARs IX76853, IX75554, and IX76330 for AIX 4.1, 4.2, and 4.3 respectively. Users should apply the appropriate fix from IBM. As these are very old versions, upgrading to a supported AIX version is recommended.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • IBM/Aix: 10 versions
    • cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*
    • (no CPE) range: 4.1 - 4.3

Patches

0

No patches discovered yet.

References

6
