CVE-1999-1432

Solaris 2.4-2.6 - Privilege Escalation via Power Management Suspend Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1432. PoCs published by Ralf Lehmann.

AI-analyzed exploit summary This is a writeup describing a vulnerability in Sun's power management software (sys-suspend) on Solaris 2.4-2.6. The flaw allows arbitrary command execution by exploiting a race condition during system resume, where keystrokes are passed to the last-focused X application before xlock engages.

Description

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ralf Lehmann · textlocalsolaris
https://www.exploit-db.com/exploits/19126

This is a writeup describing a vulnerability in Sun's power management software (sys-suspend) on Solaris 2.4-2.6. The flaw allows arbitrary command execution by exploiting a race condition during system resume, where keystrokes are passed to the last-focused X application before xlock engages.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Racy
Target: Sun Solaris 2.4-2.6 (sys-suspend)
No auth needed
Prerequisites: Physical access to the Sun keyboard · An X application (e.g., xterm) with focus before suspension
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90221104525997&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/160

Scores

EPSS 0.0209
EPSS Percentile 79.3%

Details

Status published
Products (8)
sun/solaris 2.4
sun/solaris 2.5
sun/solaris 2.5.1 (2 CPE variants)
sun/solaris 2.6
sun/sunos
sun/sunos 5.4
sun/sunos 5.5
sun/sunos 5.5.1
Published Jul 16, 1998
Tracked Since Feb 18, 2026