PT-1994-1021 · Sun · Sunos

Published

1994-05-13

Updated

2008-09-05

CVE-1999-1388

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SunOS versions 4.1.x

Description The issue allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. This is related to the passwd functionality in SunOS.

Recommendations For SunOS versions 4.1.x, avoid using the -F command line argument with the passwd command until a fix is available. As a temporary workaround, consider restricting access to the passwd command to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1388

Affected Products

Sunos

PT-1994-1021 · Sun · Sunos

CVE-1999-1388

Related Identifiers

Affected Products

References · 4