CVE-1999-0442

Solaris ff.core - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0442. PoCs published by John McDonald.

AI-analyzed exploit summary This exploit leverages a vulnerability in Solaris's ff.core utility to perform a local privilege escalation by renaming critical system binaries and abusing symlinks. It replaces /usr/bin/admintool and /usr/sbin/in.rlogind with malicious binaries to gain root access via telnet.

Description

Solaris ff.core allows local users to modify files.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John McDonald · bashlocalsolaris

https://www.exploit-db.com/exploits/19258

View Code ZIP pw:eip

This exploit leverages a vulnerability in Solaris's ff.core utility to perform a local privilege escalation by renaming critical system binaries and abusing symlinks. It replaces /usr/bin/admintool and /usr/sbin/in.rlogind with malicious binaries to gain root access via telnet.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Solaris 2.5.1, 2.6, 7 (2.7)

No auth needed

Prerequisites: Presence of /usr/openwin/bin/ff.core · Write access to /vol/rmt · Telnet service enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1204 - User Execution T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/327

Scores

EPSS 0.0068

EPSS Percentile 47.4%

Details

Status published

Products (8)

sun/solaris 2.5

sun/solaris 2.5.1

sun/solaris 2.6

sun/solaris 7.0

sun/sunos

sun/sunos 5.5

sun/sunos 5.5.1

sun/sunos 5.7

Published Jan 07, 1999

Tracked Since Feb 18, 2026