CVE-1999-1142

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

Score7.2
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactCOMPLETE
Integrity ImpactCOMPLETE
Availability ImpactCOMPLETE
Published1992-05-27 12:00:00.000-04
Last Modified2017-10-09 09:29:02.000-04

Vulnerable Software List

VendorProductVersions
Sun Sunos 4.1.2

References

SourceLink
SUN00116
CERTCA-1992-11
XFsun-env(3152)