Sun Solstice Adminsuite vulnerabilities

CVE-1999-1425 [MEDIUM] CVE-1999-1425: Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.

CVE-1999-1426 [MEDIUM] CVE-1999-1426: Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, w Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.

CVE-1999-1424 [MEDIUM] CVE-1999-1424: Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NI Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.

CVE-1999-1427 [MEDIUM] CVE-1999-1427: Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows loca Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.

CVE-1999-1428 [MEDIUM] CVE-1999-1428: Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the s Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.