CVE-1999-0168 β€” Confused Deputy in Sunos

CWE-441 β€” Confused Deputy5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Sunos
Timeline
PublishedJun 4
Latest updateApr 16

Description

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

β–ΆNVDsun/sunos4.1.3, 4.1.3c+1

πŸ”΄Vulnerability Details

3
VulDB
Sun SunOS 4.1.3/4.1.3c Portmapper privileges management (Nessus ID 11358 / XFDB-80)β†—2026-04-16
β–Ά
GHSA
GHSA-r3m3-g7jw-9454: The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypa↗2022-04-30
β–Ά
CVEList
CVE-1999-0168: The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypa↗1999-09-29
β–Ά

πŸ“Framework References

1
CWE
Unintended Proxy or Intermediary ('Confused Deputy')β†—
β–Ά
CVE-1999-0168 β€” Confused Deputy in SUN Sunos | cvebase