Summary
Detail | |||
---|---|---|---|
Vendor | Disa | First view | 2009-12-04 |
Product | Srr For Solaris | Last view | 2009-12-04 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:disa:srr_for_solaris:*:*:*:*:*:*:*:* | 1 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.3 | 2009-12-04 | CVE-2009-4211 | The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60798 | DISA SRR Script for Solaris x86 Multiple Filename SUID Execution Local Privil... |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2009-A-0136 | DISA UNIX Security Readiness Review (SRR) Scripts Local Privilege Escalation ... Severity: Category II - VMSKEY: V0022162 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-09-17 | Name: The remote host is affected by a local privilege escalation vulnerability. File: disa_unix_srr_2009-A-0136.nasl - Type: ACT_GATHER_INFO |