PT-1997-1197 · Oracle · Solaris

Published: 1997-05-13 · Updated: 2018-10-30 · CVE-1999-1158

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Solaris versions 2.3 through 2.5.1

Description: A buffer overflow issue exists in the pluggable authentication module (PAM) and unix scheme, allowing local users to gain root privileges through programs that utilize these modules, such as passwd, yppasswd, and nispasswd.

Recommendations: For Solaris versions 2.3 through 2.5.1, consider restricting access to the vulnerable modules until a patch is available. As a temporary workaround, avoid using programs that utilize the affected PAM and unix scheme modules, such as passwd, yppasswd, and nispasswd, to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-1999-1158

Affected Products

Solaris