Vulnerabilities > CVE-1999-1137 - Unspecified vulnerability in SUN Solaris and Sunos

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

sun

NVD

Published: 1993-10-01

Updated: 2018-10-30

Summary

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris * SUN Sunos * SUN Sunos 4.1 SUN Sunos 5.0 SUN Sunos - SUN Sunos 3.5 SUN Sunos 4.0 SUN Sunos 4.0.1 SUN Sunos 4.0.2 SUN Sunos 4.0.3 SUN Sunos 4.0.3C SUN Sunos 4.1.1 SUN Sunos 4.1.2 SUN Sunos 4.1.3 SUN Sunos 4.1.3C SUN Sunos 4.1.3U1 SUN Sunos 4.1.4 SUN Sunos 4.1Psr_A SUN Sunos 5.1 SUN Sunos 5.2	20

References

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
http://www.ciac.org/ciac/bulletins/e-01.shtml
http://www.osvdb.org/6436
https://exchange.xforce.ibmcloud.com/vulnerabilities/549