Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0674 — Netbsd vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 41.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netbsd Openbsd SUN Solaris +1 more

Timeline

PublishedAug 9

Latest updateApr 30

Description

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/sunos7 versions+6

▶NVDsun/solaris4 versions+3

▶NVDopenbsd/openbsd6 versions+5

Also affects: Netbsd 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-q8cp-g8hf-5jjj: The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve↗2022-04-30

▶

CVEList

CVE-1999-0674: The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve↗2000-01-04

▶

💥Exploits & PoCs

Exploit-DB

NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space↗1999-08-09

▶