CVE-1999-1142

SunOS < 4.1.2 - Privilege Escalation via LD_* Environment Variables

Title source: llm
STIX 2.1

Description

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

References (3)

Core 3
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-1992-11.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/3152
Vendor Advisory vendor-advisory x_refsource_sun
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116

Scores

EPSS 0.0088
EPSS Percentile 75.5%

Details

Status published
Products (1)
sun/sunos < 4.1.2
Published May 27, 1992
Tracked Since Feb 18, 2026