Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-0895 | First vendor Publication | 2007-02-12 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Local |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0895 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8272 | |||
Oval ID: | oval:org.mitre.oval:def:8272 | ||
Title: | Security Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or Directories | ||
Description: | Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-0895 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31880 | Solaris rm Race Condition Arbitrary File Deletion Solaris contains a race condition flaw in handling recursive directory deletion via the "rm" command using the "-r" or "-R" option. This may allow local users to trigger the deletion of files and directories by moving lower level directories to a higher level, possible resulting in a DoS condition. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124969-01 File : solaris8_124969.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124970-01 File : solaris8_x86_124970.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 123372-02 File : solaris9_123372.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 123373-02 File : solaris9_x86_123373.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:05:22 |
|
2021-04-22 01:05:56 |
|
2020-05-23 00:19:16 |
|
2018-10-31 00:19:47 |
|
2017-10-11 09:23:50 |
|
2017-07-29 12:02:01 |
|
2016-06-28 16:11:47 |
|
2016-04-26 15:45:51 |
|
2014-02-17 10:39:06 |
|
2013-05-11 10:19:15 |
|