CVE-1999-1021

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Dec 30, 1992

Updated: Nov 20, 2024

Summary

CVE-1999-1021 is a vulnerability affecting SunOS 4.1 through 4.1.2 with the Network File System (NFS) service. The flaw allows a local user to manipulate the high order bits of a User ID (UID), specifically setting them to zero. Since the NFS service on these versions of SunOS ignores the high order 16 bits, a user with a UID of 0 in the lower 16 bits can effectively gain root access. This issue was addressed through the application of the NFS jumbo patch upgrade.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SunOS

Affected Vendors

Oracle Corp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlUA8
https://www.cve.org/CVERecord?id=CVE-1999-1021
https://nvd.nist.gov/vuln/detail/CVE-1999-1021

Back to Vulnerability Database