CVE-1999-1413

CVSS 2.0 Score 4.6 of 10 (medium)

Details

Published Aug 3, 1996

Updated: Nov 20, 2024

Summary

CVE-1999-1413 is a vulnerability affecting Solaris 2.4 before the kernel jumbo patch -35. This issue permits set-gid programs to generate core dumps even if the real user ID is not part of the set-gid group. Consequently, local users can manipulate files with higher privileges by leveraging this core dump functionality, for instance, through the dmesg utility. This vulnerability poses a significant risk, as it allows unintended access to sensitive data or system modifications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SunOS

Affected Vendors

Oracle Corp

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/NWlYw-
https://www.cve.org/CVERecord?id=CVE-1999-1413
https://nvd.nist.gov/vuln/detail/CVE-1999-1413

Back to Vulnerability Database