CVE-1999-1137
First published: Fri Oct 01 1993(Updated: )
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris SPARC | ||
| Sun SunOS | ||
| Sun SunOS | <=5.2 | |
| Sun SunOS | =4.1 | |
| Sun SunOS | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-1999-1137?
CVE-1999-1137 is considered a moderate severity vulnerability due to the potential for local users to monitor audio via the /dev/audio device.
How do I fix CVE-1999-1137?
To fix CVE-1999-1137, it is recommended to change the permissions on the /dev/audio device to restrict access.
Who is affected by CVE-1999-1137?
CVE-1999-1137 affects local users on Solaris 2.2 and earlier, as well as SunOS 4.1.x systems.
What can an attacker do with CVE-1999-1137?
An attacker exploiting CVE-1999-1137 can potentially eavesdrop on conversations by accessing the /dev/audio device.
Is CVE-1999-1137 a remote exploit?
No, CVE-1999-1137 is a local exploit, meaning it requires access to the affected system to be exploited.
- agent/references
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/sun
- canonical/oracle solaris sparc
- canonical/sun sunos
- version/sun sunos/5.2
- version/sun sunos/4.1
- version/sun sunos/5.0