Vulnerability Description
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Sunos | <= 4.1.2 |
References
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
- http://www.cert.org/advisories/CA-1992-11.htmlPatchThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3152
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
- http://www.cert.org/advisories/CA-1992-11.htmlPatchThird Party AdvisoryUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/3152
FAQ
What is CVE-1999-1142?
CVE-1999-1142 is a vulnerability with a CVSS score of 7.2 (HIGH). SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, tha...
How severe is CVE-1999-1142?
CVE-1999-1142 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1142?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Sunos.