Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-0689CDE vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 51.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
CDESUN SolarisSUN Sunos
Timeline
PublishedSep 13
Latest updateApr 30

Description

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

NVDcde/cde7 versions+6
NVDsun/sunos5.5, 5.5.1, 5.7+2
NVDsun/solaris4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-wp6j-p4jf-4rwv: The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack2022-04-30
CVEList
CVE-1999-0689: The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack2000-01-04

💥Exploits & PoCs

1
Exploit-DB
Common Desktop Environment 2.1 20 / Solaris 7.0 - 'dtspcd' Local Privilege Escalation1999-09-13
CVE-1999-0689 — CDE vulnerability | cvebase