CVE-1999-1587 - /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to

CVE-1999-1587

Summary

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

References

Vulnerable Configurations

cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2007-02-20T13:39:44.948-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Nabil Ouchn
organization Security-Database

description

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

family

unix

oval:org.mitre.oval:def:1470

status

accepted

submitted

2006-03-28T09:02:00.000-04:00

title

Alternate ps Command Information Disclosure Vulnerability

version

refmap via4

bid	19662
misc	http://www.sunmanagers.org/archives/1996/1383.html
osvdb	24200
sectrack	1015833
secunia	19426
sunalert	102215
vupen	ADV-2006-1123
xf	solaris-ps-information-disclosure(25460)

Last major update

30-10-2018 - 16:25

Published

31-12-1999 - 05:00

Last modified

30-10-2018 - 16:25