Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 102948 A Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to Files |
| Informations | |||
|---|---|---|---|
| Name | SUN-102948 | First vendor Publication | 2007-07-25 |
| Vendor | Sun | Last vendor Modification | 2007-07-25 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.9 | Attack Range | Local |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System A Security Vulnerability in Low Bandwidth X proxy (lbxproxy(1)) may allow a local unprivileged user, the ability to read some data from any file that has group ownership of root on the system. lbxproxy(1) is used for making connections to the X11 Display Server (Xserver or Xorg) faster over a low bandWidth connection. Sun acknowledges with thanks, Charles Morris, Old Dominion University, for discovering and reporting this issue. Avoidance: Patch, Workaround State: Resolved First released: 25-Jul-2007 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_102948_a_security |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:8334 | |||
| Oval ID: | oval:org.mitre.oval:def:8334 | ||
| Title: | A Security Vulnerability in lbxproxy(1) may Allow Unauthorized Read Access to Files | ||
| Description: | Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-4070 | Version: | 1 |
| Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 6 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36612 | Solaris Low Bandwidth X Proxy (lbxproxy) Local Privileged File Access lbxproxy contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a local user runs the command with malformed arguments, which will disclose contents of most files resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-04-02 | Name : The remote host is missing Sun security patch number 119059-46. File : solaris10_119059_46.nasl - Type : ACT_GATHER_INFO |
| 2015-04-02 | Name : The remote host is missing Sun security patch number 119060-45. File : solaris10_x86_119060_45.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119059-73 File : solaris10_119059.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119060-72 File : solaris10_x86_119060.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 13:53:26 |
|
