Privilege Escalation in Solaris Solstice AdminSuite by Sun Microsystems
CVE-1999-1428

Currently unrated

Key Information:

Vendor: Oracle
Status: Solstice Adminsuite
Vendor: CVE Published:; 10 November 1997

What is CVE-1999-1428?

The Solaris Solstice AdminSuite versions 2.1 and 2.2 contain a vulnerability that allows local users to escalate their privileges through the save option in the Database Manager. This component operates with setgid bin privileges, which inadvertently permits unauthorized users to gain elevated access to system resources. Proper configuration and access controls should be implemented to mitigate the risk associated with this vulnerability.

References

http://www.securityfocus.com/bid/208

vdb-entryx_refsource_BID

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&...

vendor-advisoryx_refsource_SUN

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Nov 10, 1997

Oracle

What is CVE-1999-1428?

References

Timeline