Vulnerability Name:

CVE-1999-0209 (CCN-122)

Assigned:1990-08-14
Published:1990-08-14
Updated:2008-09-09
Summary:The SunView (SunTools) selection_svc facility allows remote users to read files.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-1999-0209

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00101
selection_svc and rpc can be used to gain access to system files

Source: CCN
Type: CERT Advisory CA-1990-05
SunView selection_svc vulnerability

Source: CCN
Type: CIAC Information Bulletin A-32
SunView/SunTools selection_svc Vulnerability

Source: CCN
Type: CIAC Information Bulletin B-11
OpenWindows 2.0 selection_svc Vulnerability

Source: BID
Type: UNKNOWN
8

Source: CCN
Type: BID-8
SunView selection_svc Vulnerability

Source: XF
Type: UNKNOWN
selsvc(122)

Source: CCN
Type: Rapid7 Vulnerability & Exploit Database
Solaris ypupdated Command Execution

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:sunos:3.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:sunos:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-1999-0209 (CCN-123)

    Assigned:1990-08-14
    Published:1990-08-14
    Updated:2008-09-09
    Summary:The SunView (SunTools) selection_svc facility allows remote users to read files.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availibility (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): None
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availibility (A): None
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-1999-0209

    Source: CCN
    Type: CERT Advisory CA-1990-05
    SunView selection_svc vulnerability

    Source: CCN
    Type: BID-8
    SunView selection_svc Vulnerability

    Source: XF
    Type: UNKNOWN
    selsvc-holdfile(123)

    Source: CCN
    Type: Rapid7 Vulnerability & Exploit Database
    Solaris ypupdated Command Execution

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:sun:sunos:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:3.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun sunos 3.5
    sun sunos 4.0
    sun sunos 4.0.1
    sun sunos 4.0.2
    sun sunos 4.0.3
    sun sunos 4.1
    sun sunos 4.1.1
    sun sunos 4.0.3
    sun sunos 4.1
    sun sunos 4.0.3
    sun sunos 4.1
    sun sunos 4.1.1
    sun sunos 4.0
    sun sunos 4.0.1
    sun sunos 3.5
    sun sunos 4.0.2