Vulnerabilities > CVE-1999-1142 - Unspecified vulnerability in SUN Sunos

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sun

NVD

Published: 1992-05-27

Updated: 2017-10-10

Summary

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Sunos - SUN Sunos 3.5 SUN Sunos 4.0 SUN Sunos 4.0.1 SUN Sunos 4.0.2 SUN Sunos 4.0.3 SUN Sunos 4.0.3C SUN Sunos 4.1 SUN Sunos 4.1.1 SUN Sunos 4.1.2	10

References

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
http://www.cert.org/advisories/CA-1992-11.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/3152