Executive Summary
Summary | |
---|---|
Title | Sun Alert 102772 Third-party Applications Using GSS-API May Be Vulnerable to Compromise |
Information | |||
---|---|---|---|
Name | SUN-102772 | First vendor Publication | 2009-05-14 |
Vendor | Sun | Last vendor Modification | 2009-06-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Third-party applications which utilize GSS-API and thus link to the Generic Security Services library libgss(3LIB), may allow an unauthenticated user (local or remote depending on the application) the ability to execute arbitrary code with the privileges of the application.

Note: Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time.

This issue is referenced in the following documents:

MITKRB5-SA-2006-003 - MIT krb5 Security Advisory 2006-003 at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-003-mechglue.txt

CVE-2006-6144 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6144

CERT VU#831452 at http://www.security-database.com/detail.php?vu=VU831452

State: Resolved

First released: 14-May-2009
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102772_third_party |
OpenVAS Exploits
Date | Description |
---|---|
2009-09-23 | Name : Solaris Update for libgss.so.1 141719-01 File : nvt/gb_solaris_141719_01.nasl |
2009-09-23 | Name : Solaris Update for libgss.so.1 141720-01 File : nvt/gb_solaris_141720_01.nasl |
2009-02-27 | Name : Fedora Update for krb5 FEDORA-2007-033 File : nvt/gb_fedora_2007_033_krb5_fc6.nasl |
2009-01-28 | Name : SuSE Update for krb5 SUSE-SA:2007:004 File : nvt/gb_suse_2007_004.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-21 (mit-krb5) File : nvt/glsa_200701_21.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31280 | MIT Kerberos GSS-API mechglue Memory Management Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_krb5-2440.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_krb5-2442.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2007_004.nasl - Type : ACT_GATHER_INFO |
2007-01-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-21.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-033.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 112908-38 File : solaris9_112908.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 115168-24 File : solaris9_x86_115168.nasl - Type : ACT_GATHER_INFO |