CVE-1999-1095 in Linuxinfo

Summary

by MITRE

sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/17/2026

The vulnerability described in CVE-1999-1095 pertains to the GNU sort utility and its handling of temporary files during processing. This issue arises from the design flaw where sort creates temporary files while sorting data and follows symbolic links without proper safeguards. The vulnerability is categorized under CWE-59 which specifically addresses improper handling of symbolic links, making it a classic example of path traversal and privilege escalation through file system manipulation. The problem manifests when sort processes input data that contains symbolic links, particularly in scenarios where the utility creates temporary files in predictable locations.

The technical exploitation of this vulnerability occurs when local users can manipulate the symbolic link structure in a way that allows them to redirect sort's temporary file creation to arbitrary locations on the file system. When programs like updatedb invoke sort as part of their processing, they inherit this vulnerability, allowing attackers to potentially modify files that are writable by the user running the sort command. The attack vector leverages the fact that sort does not properly validate or sanitize symbolic links in its temporary file handling process, creating a scenario where malicious symbolic links can be used to overwrite or modify files with unintended consequences. This behavior aligns with ATT&CK technique T1059.001 for executing malicious code through command-line interfaces.

The operational impact of this vulnerability extends beyond simple file modification, as it can potentially allow privilege escalation when sort is executed with elevated privileges or when processing files in system directories. Local users who can write to directories where sort creates temporary files can craft symbolic links that point to sensitive system files, configuration files, or other targets of interest. The vulnerability affects systems where sort is used by other programs, particularly system maintenance utilities, making it a widespread concern for system administrators. This type of vulnerability is classified as a privilege escalation vector under ATT&CK framework, specifically targeting the execution of unauthorized code through legitimate system utilities. The risk is particularly high in environments where system utilities are invoked with elevated privileges or where users have write access to locations where temporary files might be created.

Mitigation strategies for CVE-1999-1095 involve implementing proper temporary file handling mechanisms that prevent symbolic link following during temporary file creation. System administrators should ensure that sort and other affected utilities are not run with elevated privileges when processing untrusted input data. The recommended approach includes modifying the sort utility to create temporary files with unique names in secure directories, implementing proper file access controls, and ensuring that symbolic links are not followed during temporary file operations. Additionally, programs that invoke sort should be audited for proper input validation and temporary file handling practices. This vulnerability demonstrates the importance of secure coding practices and the principle of least privilege, where utilities should not be granted unnecessary permissions that could be exploited through such flaws. The fix typically involves patching the sort utility to properly handle symbolic links and temporary file creation, ensuring that any temporary files are created in secure locations without following symbolic links.

Disclosure

10/06/1997

Moderation

accepted

Entry

VDB-14000

CPE

ready

EPSS

0.00348

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!