Vulnerability Description
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Sunos | 5.7 |
References
- http://marc.info/?l=bugtraq&m=92633694100270&w=2
- http://marc.info/?l=bugtraq&m=93971288323395&w=2
- http://www.securityfocus.com/bid/250
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8350
- http://marc.info/?l=bugtraq&m=92633694100270&w=2
- http://marc.info/?l=bugtraq&m=93971288323395&w=2
- http://www.securityfocus.com/bid/250
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8350
FAQ
What is CVE-1999-1080?
CVE-1999-1080 is a vulnerability with a CVSS score of 7.2 (HIGH). rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to ...
How severe is CVE-1999-1080?
CVE-1999-1080 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1080?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Sunos.