CVE-1999-1137

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba	Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/e-01.shtml	Patch Vendor Advisory
http://www.osvdb.org/6436
https://exchange.xforce.ibmcloud.com/vulnerabilities/549

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:sun:sunos::::::::
	cpe:2.3:o:sun:sunos::::::::
	cpe:2.3:o:sun:sunos:4.1:::::::*
	cpe:2.3:o:sun:sunos:5.0:::::::*

History

No history.

Information

Published : 1993-10-01 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-1999-1137

Mitre link : CVE-1999-1137

CVE.ORG link : CVE-1999-1137

JSON object : View

Products Affected

sun

solaris
sunos

CWE

NVD-CWE-Other

{"id": "CVE-1999-1137", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "1993-10-01T04:00:00.000", "references": [{"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/e-01.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/6436", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/549", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone."}], "lastModified": "2018-10-30T16:25:11.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9"}, {"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11AEFEC9-5DB4-44CB-977D-6561DC1680C1"}, {"criteria": "cpe:2.3:o:sun:sunos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "672DD6BA-F3B2-4F1A-BA2C-0DA68A47853A", "versionEndIncluding": "5.2"}, {"criteria": "cpe:2.3:o:sun:sunos:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5955AC0-3036-4943-B6BD-52DD3E039089"}, {"criteria": "cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1370216-93EB-400F-9AA6-CB2DC316DAA7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}