Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0493 — Solaris vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

20.1%

top 4.50%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedJun 7

Latest updateApr 30

Description

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/sunos5.3, 5.4, 5.5.1+2

▶NVDsun/solaris4 versions+3

Patches

Patch: www.cert.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-3fmx-7555-v8rg: rpc↗2022-04-30

▶

CVEList

CVE-1999-0493: rpc↗2000-06-02

▶

💥Exploits & PoCs

Exploit-DB

Sun Solaris 2.5.1 - rpc.statd rpc Call Relaying↗1999-06-07

▶

📋Vendor Advisories

Red Hat

CVE-1999-0493: rpc↗

▶