CVE-1999-1258

MEDIUM 5.0 / 10.0
Published: January 15, 1991 at 05:00 AM
Modified: April 3, 2025 at 01:03 AM
Source: cve@mitre.org

Vulnerability Description

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

CVSS Metrics

Base Score
5.0
Severity
MEDIUM
Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses (CWE)

NVD-CWE-Other
Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

SunOS 4.1.1 and earlier are vulnerable to a remote information disclosure flaw in rpc.pwdauthd, rated MEDIUM (5.0) with a confidentiality-only impact (C:P/I:N/A:N). The daemon does not properly restrict remote access, so an unauthenticated attacker can reach it over the network and potentially extract sensitive system information that supports further attacks. The age of the affected systems and the network-reachable nature of the flaw make it attractive to attackers seeking a foothold in legacy environments.

02 // Vulnerability Mechanism

Step 1: Target Identification: The attacker identifies a SunOS 4.1.1 or earlier system running rpc.pwdauthd.

Step 2: Connection Establishment: The attacker establishes a remote connection to the vulnerable rpc.pwdauthd daemon, typically over RPC (Remote Procedure Call) on a well-known port.

Step 3: Information Request: The attacker crafts a malicious request to the rpc.pwdauthd daemon. This request exploits the lack of access controls.

Step 4: Information Disclosure: The rpc.pwdauthd daemon processes the malicious request and, due to the vulnerability, provides sensitive system information to the attacker. This could include user account details, password hashes, or other sensitive configuration data.

Step 5: Information Harvesting: The attacker receives the sensitive information and uses it to further compromise the system or other connected systems.

03 // Deep Technical Analysis

The vulnerability stems from a lack of proper access control in the rpc.pwdauthd daemon. Specifically, the daemon fails to adequately restrict remote access, allowing unauthenticated clients to connect and potentially request sensitive information. The root cause is likely a design flaw where the daemon trusts incoming requests without proper authentication or authorization checks. This could involve the daemon providing information such as user account details, password hashes, or other system configuration data. The absence of these checks allows an attacker to bypass security measures and gain unauthorized access to critical system information.
