Vulnerabilities > CVE-1999-1587 - Local Information Disclosure vulnerability in Sun Solaris UCB/PS Command
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Exploit-Db
| description | Solaris 8/9 ps - Environment Variable Information leak. CVE-1999-1587. Local exploit for Solaris platform |
| id | EDB-ID:40727 |
| last seen | 2016-11-09 |
| modified | 2006-07-26 |
| published | 2006-07-26 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/40727/ |
| title | Solaris 8/9 ps - Environment Variable Information leak |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120239.NASL description SunOS 5.9_x86: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06 last seen 2020-06-01 modified 2020-06-02 plugin id 21173 published 2006-04-03 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21173 title Solaris 9 (x86) : 120239-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(21173); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-1999-1587"); script_name(english:"Solaris 9 (x86) : 120239-01"); script_summary(english:"Check for patch 120239-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120239-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000329.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120239-01", obsoleted_by:"", package:"SUNWscpu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report()); else security_note(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_120240.NASL description SunOS 5.9: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06 last seen 2020-06-01 modified 2020-06-02 plugin id 21172 published 2006-04-03 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21172 title Solaris 9 (sparc) : 120240-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(21172); script_version("1.22"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-1999-1587"); script_name(english:"Solaris 9 (sparc) : 120240-01"); script_summary(english:"Check for patch 120240-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 120240-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000329.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2006/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120240-01", obsoleted_by:"", package:"SUNWscpu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120240-01", obsoleted_by:"", package:"SUNWscpux", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report()); else security_note(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109024.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: last seen 2020-06-01 modified 2020-06-02 plugin id 21171 published 2006-04-03 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21171 title Solaris 8 (x86) : 109024-08 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(21171); script_version("1.22"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_cve_id("CVE-1999-1587", "CVE-2013-5834"); script_bugtraq_id(64843); script_name(english:"Solaris 8 (x86) : 109024-08"); script_summary(english:"Check for patch 109024-08"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109024-08" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: 'ps' command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/109024-08" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109024-08", obsoleted_by:"", package:"SUNWscpu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109024-08", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_109023.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: last seen 2020-06-01 modified 2020-06-02 plugin id 21170 published 2006-04-03 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21170 title Solaris 8 (sparc) : 109023-08 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(21170); script_version("1.27"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_cve_id("CVE-1999-1587", "CVE-2013-5834"); script_bugtraq_id(64843); script_name(english:"Solaris 8 (sparc) : 109023-08"); script_summary(english:"Check for patch 109023-08"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109023-08" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: 'ps' command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/109023-08" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109023-08", obsoleted_by:"", package:"SUNWscpu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109023-08", obsoleted_by:"", package:"SUNWcsxu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109023-08", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109023-08", obsoleted_by:"", package:"SUNWscpux", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2007-02-20T13:39:44.948-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:1470 | ||||||||
| status | accepted | ||||||||
| submitted | 2006-03-28T09:02:00.000-04:00 | ||||||||
| title | Alternate ps Command Information Disclosure Vulnerability | ||||||||
| version | 36 |
References
- http://secunia.com/advisories/19426
- http://securitytracker.com/id?1015833
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1
- http://www.osvdb.org/24200
- http://www.securityfocus.com/bid/19662
- http://www.sunmanagers.org/archives/1996/1383.html
- http://www.vupen.com/english/advisories/2006/1123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25460
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1470