CVE-1999-0860
Solaris - Unauthenticated Arbitrary File Read via chkperm VMSYS Symlink Attack
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-0860. PoCs published by Kevin L Prigge.
AI-analyzed exploit summary This exploit leverages a vulnerability in the FACE package's `chkperm` program on Solaris 2.4, 2.5, and 2.5.1. By manipulating environment variables and symbolic links, an attacker can create or modify files owned by the `bin` group, leading to privilege escalation.
Description
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
Exploits (1)
This exploit leverages a vulnerability in the FACE package's `chkperm` program on Solaris 2.4, 2.5, and 2.5.1. By manipulating environment variables and symbolic links, an attacker can create or modify files owned by the `bin` group, leading to privilege escalation.