CVE-1999-1137 - OpenCVE

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Solaris Sunos

Configuration 1 [-]

OR	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:sun:sunos::::::::
	cpe:2.3:o:sun:sunos::::::::
	cpe:2.3:o:sun:sunos:4.1:::::::*
	cpe:2.3:o:sun:sunos:5.0:::::::*

References

Link	Resource
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/e-01.shtml	Patch Vendor Advisory
http://www.osvdb.org/6436
https://exchange.xforce.ibmcloud.com/vulnerabilities/549

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-09T05:00:00

Updated: 2002-02-11T10:00:00

Reserved: 2001-08-31T00:00:00

Link: CVE-1999-1137

JSON object: View

NVD Information

Status : Modified

Published: 1993-10-01T04:00:00.000

Modified: 2018-10-30T16:25:11.980

Link: CVE-1999-1137

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "1993-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-02-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "00122", "tags": ["vendor-advisory", "x_refsource_SUN"], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba"}, {"name": "E-01", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/e-01.shtml"}, {"name": "sun-audio(549)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/549"}, {"name": "6436", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1137", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "00122", "refsource": "SUN", "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba"}, {"name": "E-01", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/e-01.shtml"}, {"name": "sun-audio(549)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/549"}, {"name": "6436", "refsource": "OSVDB", "url": "http://www.osvdb.org/6436"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1137", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2002-02-11T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "matchCriteriaId": "11AEFEC9-5DB4-44CB-977D-6561DC1680C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "matchCriteriaId": "672DD6BA-F3B2-4F1A-BA2C-0DA68A47853A", "versionEndIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5955AC0-3036-4943-B6BD-52DD3E039089", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1370216-93EB-400F-9AA6-CB2DC316DAA7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone."}], "id": "CVE-1999-1137", "lastModified": "2018-10-30T16:25:11.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "1993-10-01T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/e-01.shtml"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/6436"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/549"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}