published date: October 1, 1993

CVE-1999-1137 : The permissions for the...

Description

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Product(s):

Sun Solaris
Sun Solaris 1.0.1
Sun Solaris 1.0
Sun Solaris 1.1.1a
Sun Solaris 1.1.2
Sun Solaris 1.1.3
Sun Solaris 1.1.4
Sun Solaris 1.1
Sun Solaris 1.1c
Sun Solaris 1.2
Sun Solaris 10.0
Sun Solaris 10.0 for SPARC
Sun Solaris 10
Sun Solaris 11.0
Sun Solaris 11
Sun Solaris 2.0
Sun Solaris 2.1
Sun Solaris 2.2
Sun Solaris 2.3
Sun Solaris 2.4
Sun Solaris 2.5.1
Sun Solaris 2.5
Sun Solaris 2.6
Sun Solaris 2.6 HW3
Sun Solaris 2.6 x86HW3
Sun Solaris 2.6 HW5
Sun Solaris 2.6 x86HW5
Sun Solaris 2.7
Sun Solaris 2.8
Sun Solaris 4.1.1
Sun Solaris 4.1.2
Sun Solaris 4.1.3
Sun Solaris 4.1.3 U1
Sun Solaris 5.3
Sun Solaris 5.4
Sun Solaris 5.5.1
Sun Solaris 5.5
Sun Solaris 5.6
Sun Solaris 5.8
Sun Solaris 5.9
Sun Solaris 7.0
Sun Solaris 8.0
Sun Solaris 8.1
Sun Solaris 8.2
Sun Solaris 8
Sun Solaris 9.0
Sun Solaris 9.0 for SPARC
Sun Solaris 9.1
Sun Solaris 9
Sun SunOS
Sun SunOS (formerly Solaris)
Sun SunOS 3.5
Sun SunOS 4.0.1
Sun SunOS 4.0.2
Sun SunOS 4.0.3
Sun SunOS 4.0.3c
Sun SunOS 4.0
Sun SunOS 4.1.1
Sun SunOS 4.1.2
Sun SunOS 4.1.3
Sun SunOS 4.1.3c
Sun SunOS 4.1.3u1
Sun SunOS 4.1.4
Sun SunOS 4.1
Sun SunOS 4.1PSR_A
Sun Microsystems Solaris 2.0
Sun SunOS (Solaris 10) 5.10
Sun SunOS (Solaris 10) 5.10 on AMD64
Sun OS 5.10 SPARC
Sun SunOS (Solaris 11) 5.11
Sun SunOS 5.11 (Solaris 11) on SPARC
Sun SunOS (formerly Solaris 11) 5.11 Express
Sun SunOS (Solaris 10) 5.11 on AMD64
Sun SunOS (Solaris 10) 5.11 on x86
Sun Microsystems Solaris 2.1
Sun Microsystems Solaris 2.2
Sun Microsystems Solaris 2.3
Sun Microsystems Solaris 2.4
Sun Microsystems Solaris 2.5.1
Sun Microsystems Solaris 2.5
Sun Microsystems Solaris 2.6
Sun Microsystems Solaris 7
Sun SunOS (Solaris 8) 5.8
Sun SunOS (Solaris 9) 5.9

CVSS:2.1 [Critical]
EPSS:0.08%
Exploitability:3.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-1999-1137, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-1999-1137 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-1999-1137

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales