Executive Summary
Summary | |
---|---|
Title | Sun Alert 102954 dtsession(1X) Contains a Buffer Overflow Vulnerability |
Information | |||
---|---|---|---|
Name | SUN-102954 | First vendor Publication | 2007-06-27 |
Vendor | Sun | Last vendor Modification | 2007-06-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

An unprivileged local user may be able to execute arbitrary code or commands with the privileges of the dtsession(1X) Common Desktop Environment (CDE) Session Manager. The dtsession(1X) CDE Session Manager runs with root privileges.

Avoidance: Patch, Workaround
State: Resolved
First released: 27-Jun-2007
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102954_dtsession_1x |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2015 | |||
Oval ID: | oval:org.mitre.oval:def:2015 | ||
Title: | dtsession(1X) Contains a Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3471 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | | 6 |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-03 | Name : Solaris Update for CDE 1.5 113240-13 File : nvt/gb_solaris_113240_13.nasl |
2009-06-03 | Name : Solaris Update for dtsession 113241-13 File : nvt/gb_solaris_113241_13.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36608 | Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-07-02 | Name : The remote host is missing Sun Security Patch number 125279-05 File : solaris10_125279.nasl - Type : ACT_GATHER_INFO |
2007-07-02 | Name : The remote host is missing Sun Security Patch number 125280-05 File : solaris10_x86_125280.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109354-26 File : solaris8_109354.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109355-25 File : solaris8_x86_109355.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113240-13 File : solaris9_113240.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 113241-13 File : solaris9_x86_113241.nasl - Type : ACT_GATHER_INFO |