CVE-1999-1402

Solaris/SunOS <4.4 - Local Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1402. PoCs published by Thamer Al-Herbish.

AI-analyzed exploit summary: This exploit demonstrates a vulnerability in Solaris 2.6 and other Unix-like systems where Unix domain sockets are created with overly permissive permissions (mode 4777). The code binds a socket to a path in /tmp, making it accessible to any user, which could lead to unauthorized connections or data injection.

Description

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Thamer Al-Herbish · c · local · freebsd
https://www.exploit-db.com/exploits/19346


Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Solaris 2.6 and other Unix-like systems with vulnerable Unix domain socket implementations
No auth needed
Prerequisites: Access to the target system · Ability to create a Unix domain socket
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7172.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/456
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602248718482&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167418317&w=2

Scores

EPSS 0.0080
EPSS Percentile 52.1%

Details

Status published
Products (16)
freebsd/freebsd 2.2.2
freebsd/freebsd 2.2.3
freebsd/freebsd 2.2.4
freebsd/freebsd 2.2.5
freebsd/freebsd 2.2.6
freebsd/freebsd 2.2.8
freebsd/freebsd 3.0
freebsd/freebsd 3.1
sun/solaris 2.5
sun/solaris 2.5.1 (2 CPE variants)
... and 6 more
Published May 17, 1997
Tracked Since Feb 18, 2026