ID CVE-1999-1587
Summary /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 2.1 (as of 01-05-2006 - 16:39)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Solaris 8/9 ps - Environment Variable Information leak. CVE-1999-1587. Local exploit for Solaris platform
id EDB-ID:40727
last seen 2016-11-09
modified 2006-07-26
published 2006-07-26
reporter Exploit-DB
source https://www.exploit-db.com/download/40727/
title Solaris 8/9 ps - Environment Variable Information leak
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_109023.NASL
    description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: 'ps' command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 21170
    published 2006-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21170
    title Solaris 8 (sparc) : 109023-08
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120239.NASL
    description SunOS 5.9_x86: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 21173
    published 2006-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21173
    title Solaris 9 (x86) : 120239-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120240.NASL
    description SunOS 5.9: ps cmd patch. Date this patch was last updated by Sun : Mar/24/06
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 21172
    published 2006-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21172
    title Solaris 9 (sparc) : 120240-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_109024.NASL
    description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: 'ps' command line utility). The supported version that is affected is 8. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-01-16
    modified 2018-07-30
    plugin id 21171
    published 2006-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21171
    title Solaris 8 (x86) : 109024-08
oval via4
accepted 2007-02-20T13:39:44.948-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Nabil Ouchn
    organization Security-Database
description /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
family unix
id oval:org.mitre.oval:def:1470
status accepted
submitted 2006-03-28T09:02:00.000-04:00
title Alternate ps Command Information Disclosure Vulnerability
version 32
refmap via4
bid 19662
misc http://www.sunmanagers.org/archives/1996/1383.html
osvdb 24200
sectrack 1015833
secunia 19426
sunalert 102215
vupen ADV-2006-1123
xf solaris-ps-information-disclosure(25460)
Last major update 07-03-2011 - 21:02
Published 31-12-1999 - 00:00
Last modified 30-10-2018 - 12:25
Back to Top