Executive Summary

Summary
Title Sun Alert 267148 A Security Vulnerability in Solaris Cluster 3.2 Configuration Utility (clsetup(1CL)) may Lead to Escalation of Privileges
Informations
Name SUN-267148 First vendor Publication 2009-09-22
Vendor Sun Last vendor Modification 2009-09-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris Cluster 3.2

A security vulnerability in the Solaris Cluster 3.2 configuration utility (see clsetup(1CL)) may allow local unprivileged users to gain elevated privileges and potentially execute arbitrary commands with the privileges of the root user.

Sun acknowledges with thanks, Martin Carpenter from Citco (www.citco.com) for bringing this issue to our attention.

State: Resolved
First released: 22-Sep-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_267148_a_security

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
58277 Solaris Cluster clsetup Configuration Utility Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-01 IAVM : 2009-A-0087 - Sun Solaris Cluster Local Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0021630

Nessus® Vulnerability Scanner

Date Description
2007-10-12 Name : The remote host is missing Sun Security Patch number 126106-42
File : solaris10_126106.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 126107-42
File : solaris10_x86_126107.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 126105-42
File : solaris9_126105.nasl - Type : ACT_GATHER_INFO