CVE Catalog

CVE-1999-1137

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

Permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device. This could be exploited by an attacker to monitor conversations happening near a machine with a microphone.

Risk Assessment

The organization may be exposed to privacy breaches as local users can eavesdrop on conversations. This poses a risk of confidential information leakage.

Recommendation

It is recommended to restrict permissions for the /dev/audio device to trusted users only and consider upgrading the system to a newer version that does not have this vulnerability.

Original NVD description (English source)

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS