Vulnerabilities > CVE-1999-1413 - Unspecified vulnerability in SUN Solaris and Sunos

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

sun

exploit available

NVD

Published: 1996-08-03

Updated: 2018-10-30

Summary

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris 2.4 SUN Sunos 5.4	2

Exploit-Db

description	Solaris 7.0 Coredump Vulnerbility. CVE-1999-1413 . Remote exploit for solaris platform
id	EDB-ID:19236
last seen	2016-02-02
modified	1996-08-03
published	1996-08-03
reporter	Jungseok Roh
source	https://www.exploit-db.com/download/19236/
title	Solaris <= 7.0 Coredump Vulnerbility

References

http://marc.info/?l=bugtraq&m=87602167419549&w=2
http://www.securityfocus.com/bid/296