CVE-1999-1413

Solaris 2.4 - Unauthenticated Privilege Escalation via Core Dump Overwrite

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1413. PoCs published by Jungseok Roh.

AI-analyzed exploit summary This is a writeup describing a symlink attack vulnerability in Solaris 2.4 pre Jumbo Kernel Patch -35 (for SPARC) that allows overwriting files in directories owned by the 'bin' group by forcing programs in the 'bin' group to dump core.

Description

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Jungseok Roh · textremotesolaris
https://www.exploit-db.com/exploits/19236

This is a writeup describing a symlink attack vulnerability in Solaris 2.4 pre Jumbo Kernel Patch -35 (for SPARC) that allows overwriting files in directories owned by the 'bin' group by forcing programs in the 'bin' group to dump core.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Solaris 2.4 pre Jumbo Kernel Patch -35 (for SPARC)
No auth needed
Prerequisites: Access to a system running Solaris 2.4 pre Jumbo Kernel Patch -35 (for SPARC) · Ability to create symlinks in a writable directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167419549&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/296

Scores

EPSS 0.0072
EPSS Percentile 49.6%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
sun/solaris 2.4
sun/sunos 5.4
Published Aug 03, 1996
Tracked Since Feb 18, 2026