A vulnerability was found in Digital Unix V4.0/V4.0d (Operating System). It has been classified as problematic. This affects an unknown functionality of the component Advanced File System Utility. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

The weakness was disclosed 05/07/1998 as I-050 (CIAC). It is possible to read the advisory at ciac.llnl.gov. This vulnerability is uniquely identified as CVE-1999-1044. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

After before and not just, there has been an exploit disclosed. The vulnerability was handled as a non-public zero-day exploit for at least 170 days. During that time the estimated underground price was around $0-$5k.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (7431).

Productinfo

Type

• Operating System

Vendor

• Digital

Name

• Unix

Version

• V4.0
• V4.0d

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion