Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1413Solaris vulnerability

4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.6%
top 30.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN SolarisSUN Sunos
Timeline
PublishedAug 3
Latest updateApr 30

Description

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

NVDsun/solaris2.4
NVDsun/sunos5.4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-6v6p-c65q-8x22: Solaris 22022-04-30
CVEList
CVE-1999-1413: Solaris 22001-09-12

💥Exploits & PoCs

1
Exploit-DB
Solaris 7.0 - 'Coredump' File Write1996-08-03
CVE-1999-1413 — SUN Solaris vulnerability | cvebase