CVE-2001-1555 — Improper Privilege Management in Solaris

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 79.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedDec 31

Latest updateApr 30

Description

pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/solaris8.0

▶NVDsun/sunos5.8

Patches

Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pqxf-cpww-63mq: pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other u↗2022-04-30

▶

CVEList

CVE-2001-1555: pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other u↗2005-07-14

▶

📐Framework References

CWE

Improper Privilege Management↗

▶