| Vulnerability Name: | CVE-1999-1142 (CCN-3152) | ||||||||
| Assigned: | 1992-05-27 | ||||||||
| Published: | 1992-05-27 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-1999-1142 Source: SUN Type: UNKNOWN 00116 Source: CCN Type: CERT Advisory CA-1992-11 SunOS Environment Variables and setuid/setgid Vulnerability Source: CERT Type: Patch, Third Party Advisory, US Government Resource CA-1992-11 Source: CCN Type: OSVDB ID: 8028 SunOS Dynamically Linked SETUID Program Privilege Escalation Source: CCN Type: BID-43 SunOS LD_LIBRARY_PATH and LD_OPTIONS Vulnerability Source: XF Type: UNKNOWN sun-env(3152) Source: XF Type: UNKNOWN sun-env(3152) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||