CVE-1999-1402 - OpenCVE

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Solaris Sunos
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:2.2.2:::::::*
	cpe:2.3:o:freebsd:freebsd:2.2.3:::::::*
	cpe:2.3:o:freebsd:freebsd:2.2.4:::::::*
	cpe:2.3:o:freebsd:freebsd:2.2.5:::::::*
	cpe:2.3:o:freebsd:freebsd:2.2.6:::::::*
	cpe:2.3:o:freebsd:freebsd:2.2.8:::::::*
	cpe:2.3:o:freebsd:freebsd:3.0:::::::*
	cpe:2.3:o:freebsd:freebsd:3.1:::::::*
	cpe:2.3:o:sun:solaris:2.5::x86:::::
	cpe:2.3:o:sun:solaris:2.5.1::ppc:::::
	cpe:2.3:o:sun:solaris:2.5.1::x86:::::
	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:sunos:-:::::::*
	cpe:2.3:o:sun:sunos:4.0:::::::*
	cpe:2.3:o:sun:sunos:5.0:::::::*
	cpe:2.3:o:sun:sunos:5.5:::::::*
	cpe:2.3:o:sun:sunos:5.5.1:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=87602167418317&w=2
http://marc.info/?l=bugtraq&m=87602248718482&w=2
http://www.iss.net/security_center/static/7172.php
http://www.securityfocus.com/bid/456	Exploit Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-09T05:00:00

Updated: 2002-02-20T10:00:00

Reserved: 2001-08-31T00:00:00

Link: CVE-1999-1402

JSON object: View

NVD Information

Status : Modified

Published: 1997-05-17T04:00:00.000

Modified: 2018-10-30T16:26:22.357

Link: CVE-1999-1402

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "1997-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-02-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sun-domain-socket-permissions(7172)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7172.php"}, {"name": "456", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/456"}, {"name": "19971003 Solaris 2.6 and sockets", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=87602248718482&w=2"}, {"name": "19970517 UNIX domain socket (Solarisx86 2.5)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=87602167418317&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sun-domain-socket-permissions(7172)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7172.php"}, {"name": "456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/456"}, {"name": "19971003 Solaris 2.6 and sockets", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=87602248718482&w=2"}, {"name": "19970517 UNIX domain socket (Solarisx86 2.5)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=87602167418317&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1402", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2002-02-20T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBDDEC3F-52EB-4E1E-84C4-B472600059EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "314BA420-4C74-4060-8ACE-D7A7C041CF2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "2EAD7613-A5B3-4621-B981-290C7C6B8BA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE38C50A-81FE-412E-9717-3672FAE6A6F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "263F3734-7076-4EA8-B4C0-F37CFC4E979E", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*", "matchCriteriaId": "200D8CB2-0D52-40A8-9CD9-6E4513605201", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "54AF87E4-52A4-44CA-B48E-A5BB139E6410", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*", "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2839042D-7706-4059-B069-72E36297ECEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1370216-93EB-400F-9AA6-CB2DC316DAA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5B72953B-E873-4E44-A3CF-12D770A0D416", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket."}], "id": "CVE-1999-1402", "lastModified": "2018-10-30T16:26:22.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "1997-05-17T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=87602167418317&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=87602248718482&w=2"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/7172.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/456"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}