CVE-1999-1432
Solaris 2.4-2.6 - Privilege Escalation via Power Management Suspend Bypass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-1432. PoCs published by Ralf Lehmann.
AI-analyzed exploit summary This is a writeup describing a vulnerability in Sun's power management software (sys-suspend) on Solaris 2.4-2.6. The flaw allows arbitrary command execution by exploiting a race condition during system resume, where keystrokes are passed to the last-focused X application before xlock engages.
Description
Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.
Exploits (1)
This is a writeup describing a vulnerability in Sun's power management software (sys-suspend) on Solaris 2.4-2.6. The flaw allows arbitrary command execution by exploiting a race condition during system resume, where keystrokes are passed to the last-focused X application before xlock engages.