CVE-1999-1026 - aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via

CVE-1999-1026

Summary

aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.

References

Vulnerable Configurations

cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	292
bugtraq	19961220 Solaris 2.5 x86 aspppd (semi-exploitable-hole)

Last major update

18-10-2016 - 02:00

Published

20-12-1996 - 05:00

Last modified

18-10-2016 - 02:00