Executive Summary

Informations
Name CVE-1999-1587 First vendor Publication 1999-12-31
Vendor Cve Last vendor Modification 2018-10-30

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.1 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1587

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1470
 
Oval ID: oval:org.mitre.oval:def:1470
Title: Alternate ps Command Information Disclosure Vulnerability
Description: /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
Family: unix Class: vulnerability
Reference(s): CVE-1999-1587
Version: 2
Platform(s): Sun Solaris 8
Sun Solaris 9
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1

OpenVAS Exploits

Date Description
2009-06-03 Name : Solaris Update for ps cmd 120239-01
File : nvt/gb_solaris_120239_01.nasl
2009-06-03 Name : Solaris Update for ps cmd 120240-01
File : nvt/gb_solaris_120240_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
24200 Solaris /usr/ucb/ps Process Environment Variable Disclosure

Solaris contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user runs "/usr/ucb/ps axe", which will disclose other users' environment variables resulting in a loss of confidentiality.

Nessus® Vulnerability Scanner

Date Description
2006-04-03 Name : The remote host is missing Sun Security Patch number 109023-08
File : solaris8_109023.nasl - Type : ACT_GATHER_INFO
2006-04-03 Name : The remote host is missing Sun Security Patch number 109024-08
File : solaris8_x86_109024.nasl - Type : ACT_GATHER_INFO
2006-04-03 Name : The remote host is missing Sun Security Patch number 120240-01
File : solaris9_120240.nasl - Type : ACT_GATHER_INFO
2006-04-03 Name : The remote host is missing Sun Security Patch number 120239-01
File : solaris9_x86_120239.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/19662
MISC http://www.sunmanagers.org/archives/1996/1383.html
OSVDB http://www.osvdb.org/24200
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://securitytracker.com/id?1015833
SECUNIA http://secunia.com/advisories/19426
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1
VUPEN http://www.vupen.com/english/advisories/2006/1123
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/25460

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2020-05-23 00:14:19
  • Multiple Updates
2018-10-31 00:19:40
  • Multiple Updates
2017-10-19 09:23:47
  • Multiple Updates
2017-07-20 09:23:13
  • Multiple Updates
2016-06-28 14:51:56
  • Multiple Updates
2016-04-26 11:34:13
  • Multiple Updates
2014-02-17 10:22:50
  • Multiple Updates
2013-05-11 11:59:12
  • Multiple Updates