Vulnerability Name:

CVE-1999-1191 (CCN-7442)

Assigned:1997-05-19
Published:1997-05-19
Updated:2018-10-30
Summary:Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: AUSCERT
Type: Patch, Third Party Advisory, US Government Resource
AA-97.18

Source: CCN
Type: BugTraq Mailing List, Mon, 19 May 1997 15:13:08 -0500
Re: Finally, most of an exploit for Solaris 2.5.1's ps.

Source: MITRE
Type: CNA
CVE-1999-1191

Source: BUGTRAQ
Type: UNKNOWN
19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.

Source: CCN
Type: Sun Microsystems, Inc. Security Bulletin #00144
Vulnerability in chkey

Source: SUN
Type: Patch, Vendor Advisory
00144

Source: CCN
Type: AusCERT Advisory AA-97.18
Solaris 2.x chkey Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
solaris-chkey-bo(7442)

Source: CCN
Type: OSVDB ID: 934
Solaris chkey Command Line Overflow

Source: BID
Type: Exploit, Patch, Vendor Advisory
207

Source: CCN
Type: BID-207
Solaris chkey Vulnerability

Source: XF
Type: UNKNOWN
solaris-chkey-bo(7442)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:*:*:*:*:*:*:*:* (Version <= 5.5.1)

    • Configuration CCN 1:
  • cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.6::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.4:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.6:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun solaris 2.4
    sun solaris 2.5
    sun solaris 2.5.1
    sun sunos 5.4
    sun sunos 5.5
    sun sunos *
    sun solaris 2.3
    sun solaris 2.5.1
    sun solaris 2.6
    sun solaris 2.5
    sun solaris 2.5.1
    sun solaris 2.6
    sun solaris 2.4
    sun solaris 2.2
    sun solaris 2.5.1
    sun sunos 5.5
    sun sunos 5.5.1
    sun sunos 5.4
    sun sunos 5.3
    sun solaris 2.7
    sun solaris 2.8
    sun solaris 2.6
    sun solaris 2.4
    sun solaris 2.0
    sun solaris 2.1
    sun solaris 2.5
    sun solaris 2.6 hw3
    sun solaris 2.6 hw5
    sun solaris 2.5.1