CVE-1999-1123

SunOS - Privilege Escalation via sunsrc makeinstall or winstall

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-1123. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a PATH environment variable manipulation to execute a malicious 'make' script via the setuid root binary 'makeinstall', resulting in privilege escalation to root.

Description

The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.

Exploits (2)

exploitdb WORKING POC VERIFIED
by anonymous · textlocalsolaris
https://www.exploit-db.com/exploits/19042

This exploit leverages a PATH environment variable manipulation to execute a malicious 'make' script via the setuid root binary 'makeinstall', resulting in privilege escalation to root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Sun Solaris (sunsrc distribution)
No auth needed
Prerequisites: Access to a system with Sun Solaris sunsrc distribution installed · Presence of setuid root binaries 'makeinstall' or 'winstall' in /usr/release/bin
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · textlocalaix
https://www.exploit-db.com/exploits/19043

This exploit leverages a PATH environment variable manipulation vulnerability in Sun's setuid root binaries (makeinstall and winstall) to execute arbitrary commands as root. By placing a malicious 'install' script in a user-controlled directory and manipulating PATH, an attacker can escalate privileges to root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Sun Solaris (sunsrc distribution)
No auth needed
Prerequisites: Access to a system with Sun's sunsrc distribution installed · Presence of setuid root binaries /usr/release/bin/makeinstall and /usr/release/bin/winstall
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-1991-07.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/582
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22

Scores

EPSS 0.0113
EPSS Percentile 62.6%

Details

Status published
Products (3)
sun/sunos 4.0.3
sun/sunos 4.1
sun/sunos 4.1.1
Published May 20, 1991
Tracked Since Feb 18, 2026