| Vulnerability Name: | CVE-1999-1402 (CCN-7172) | ||||||||
| Assigned: | 1997-05-17 | ||||||||
| Published: | 1997-05-17 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat, 17 May 1997 11:43:47 +0000 UNIX domain socket (Solarisx86 2.5) Source: CCN Type: BugTraq Mailing List, Fri, 3 Oct 1997 21:55:27 -0400 Solaris 2.6 and sockets Source: CCN Type: BugTraq Mailing List, Mon, 6 Oct 1997 10:34:03 +0200 Re: Solaris 2.6 and sockets Source: MITRE Type: CNA CVE-1999-1402 Source: BUGTRAQ Type: UNKNOWN 19970517 UNIX domain socket (Solarisx86 2.5) Source: BUGTRAQ Type: UNKNOWN 19971003 Solaris 2.6 and sockets Source: XF Type: UNKNOWN sun-domain-socket-permissions(7172) Source: CCN Type: OSVDB ID: 1006 Multiple Vendor Unix Domain Socket Source: BID Type: Exploit, Patch, Vendor Advisory 456 Source: CCN Type: BID-456 Multiple Vendor Unix Domain Socket Vulnerability Source: XF Type: UNKNOWN sun-domain-socket-permissions(7172) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||