CVE-1999-1023
Description
useradd in Solaris 7 mishandles date formats for the -e expiration option, allowing accounts to remain active past intended expiry.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
useradd in Solaris 7 mishandles date formats for the -e expiration option, allowing accounts to remain active past intended expiry.
## Vulnerability useradd in Solaris 7 does not properly interpret date formats for the -e (expiration date) argument, allowing users to login after account expiration. Affected: Solaris 7. [1]
Exploitation
An attacker (authorized user) can specify a date like 6/30/2000 which is interpreted as June 30, 2020 instead of 2000, extending account validity. Requires access to useradd command. [1]
Impact
Users can login beyond intended expiration date, leading to unauthorized access. [1]
Mitigation
Sun provided a workaround: replace /etc/datemsk with a corrected version specifying four-digit year formats. No patch mentioned; this is a configuration fix. [1]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/426nvdPatchVendor Advisory
- marc.infonvd
News mentions
0No linked articles in our index yet.