Executive Summary

Informations
Name CVE-2006-4439 First vendor Publication 2006-08-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Cvss Base Score 3.6 Attack Range Local
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4439

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2010
 
Oval ID: oval:org.mitre.oval:def:2010
Title: pkgadd(1M) May Set Incorrect Permissions if The pkgmap(4) File Contains a "?" in The "Mode" Field
Description: pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
Family: unix Class: vulnerability
Reference(s): CVE-2006-4439
 Version: 1
Platform(s): Sun Solaris 10
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 967-1 (elog)
File : nvt/deb_967_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
28203 Solaris pkgadd File Permission Weakness Local Privilege Escalation

Sun Solaris contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in pkgadd, which may set insecure file permissions (755 or 777) on files and directories when installing a package with a pkgmap file containing a '?' character in the 'mode' field. This flaw may lead to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-09-04 Name : The remote host is missing Sun Security Patch number 119255-93
File : solaris10_x86_119255.nasl - Type : ACT_GATHER_INFO
2006-08-21 Name : The remote host is missing Sun Security Patch number 119254-93
File : solaris10_119254.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://secunia.com/advisories/21633
http://secunia.com/advisories/22992
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102513-1
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.osvdb.org/28203
http://www.securityfocus.com/bid/19730
http://www.vupen.com/english/advisories/2006/3397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2024-11-28 23:19:40
  • Multiple Updates
2024-11-28 12:09:51
  • Multiple Updates
2021-05-04 12:04:30
  • Multiple Updates
2021-04-22 01:05:09
  • Multiple Updates
2020-05-23 00:18:18
  • Multiple Updates
2017-10-11 09:23:44
  • Multiple Updates
2016-06-28 15:56:12
  • Multiple Updates
2016-04-26 15:00:56
  • Multiple Updates
2014-02-17 10:37:06
  • Multiple Updates
2013-05-11 11:07:45
  • Multiple Updates