Executive Summary

Informations
Name CVE-2007-6505 First vendor Publication 2007-12-20
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Cvss Base Score 3.5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6505

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5282
 
Oval ID: oval:org.mitre.oval:def:5282
Title: Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged
Description: Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6505
 Version: 1
Platform(s): Sun Solaris 9
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
44332 Solaris Auditing Spoofed audit-ID Audit Record Logging Weakness

Nessus® Vulnerability Scanner

Date Description
2007-03-18 Name : The remote host is missing Sun Security Patch number 122300-61
File : solaris9_122300.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122301-61
File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://osvdb.org/44332
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/39185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2024-11-28 23:15:32
  • Multiple Updates
2024-11-28 12:14:16
  • Multiple Updates
2021-05-04 12:06:49
  • Multiple Updates
2021-04-22 01:07:18
  • Multiple Updates
2020-05-23 00:20:55
  • Multiple Updates
2017-09-29 09:23:19
  • Multiple Updates
2017-08-08 09:23:46
  • Multiple Updates
2016-06-28 17:07:11
  • Multiple Updates
2016-04-26 16:55:04
  • Multiple Updates
2014-02-17 10:42:58
  • Multiple Updates
2013-05-11 10:44:40
  • Multiple Updates