CVE-1999-1026

aspppd <Solaris 2.5 x86 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1026. PoCs published by Al-Herbish.

AI-analyzed exploit summary This exploit leverages a symlink attack on the insecurely created /tmp/.asppp.fifo file by Aspppd in Solaris. By creating a symlink to a target file (e.g., .rhosts), an attacker can elevate privileges or modify sensitive files when Aspppd is executed.

Description

aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Al-Herbish · textlocalsolaris
https://www.exploit-db.com/exploits/19233

This exploit leverages a symlink attack on the insecurely created /tmp/.asppp.fifo file by Aspppd in Solaris. By creating a symlink to a target file (e.g., .rhosts), an attacker can elevate privileges or modify sensitive files when Aspppd is executed.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Aspppd (Solaris)
No auth needed
Prerequisites: Access to the target system · Aspppd must be executed after symlink creation
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167420343&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/292

Scores

EPSS 0.0086
EPSS Percentile 54.3%

Details

Status published
Products (3)
sun/solaris 2.4
sun/solaris 2.5
sun/solaris 2.5.1
Published Dec 20, 1996
Tracked Since Feb 18, 2026