CVE-1999-1318 — Uncontrolled Search Path Element in Sunos

CWE-427 — Uncontrolled Search Path Element5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Sunos

Timeline

PublishedSep 17

Latest updateApr 16

Description

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsun/sunos4.1.3+4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

VulDB

Sun Solaris 1.0/1.0.1/1.1/1.1c /usr/5bin/su Search Path privileges management (XFDB-7480)↗2026-04-16

▶

GHSA

GHSA-8xmr-63w7-h7w2: /usr/5bin/su in SunOS 4↗2022-04-30

▶

CVEList

CVE-1999-1318: /usr/5bin/su in SunOS 4↗2002-03-09

▶

📐Framework References

CWE

Uncontrolled Search Path Element↗

▶