7.2 - SUN-102954

Executive Summary

Summary
Title	Sun Alert 102954 dtsession(1X) Contains a Buffer Overflow Vulnerability

Informations
Name	SUN-102954	First vendor Publication	2007-06-27
Vendor	Sun	Last vendor Modification	2007-06-27
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

An unprivileged local user may be able to execute arbitrary code or commands with the privileges of the dtsession(1X) Common Desktop Environment (CDE) Session Manager. The dtsession(1X) CDE Session Manager runs with root privileges.

Avoidance: Patch, Workaround

State: Resolved

First released: 27-Jun-2007

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102954-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_102954_dtsession_1x

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2015

Oval ID:	oval:org.mitre.oval:def:2015
Title:	dtsession(1X) Contains a Buffer Overflow Vulnerability
Description:	Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3471	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 8 (SPARC) Solaris 8 (SPARC) is installed AND NOT Patch 109354-26 or later installed OR Solaris 8 (x86) Solaris 8 (x86) is installed AND NOT Patch 109355-25 or later installed OR Solaris 9 (SPARC) Solaris 9 (SPARC) is installed AND NOT Patch 113240-13 or later installed OR Solaris 9 (x86) Solaris 9 (x86) is installed AND NOT Patch 113241-13 or later installed OR Solaris 10 (SPARC) Solaris 10 (SPARC) is installed AND NOT Patch 125279-02 or later installed OR Solaris 10 (x86) Solaris 10 (x86) is installed AND NOT Patch 125280-02 or later installed

CPE : Common Platform Enumeration

Type	Description	Count
Os	Sun Solaris cpe:2.3:o:sun:solaris:10.0::sparc::::: cpe:2.3:o:sun:solaris:10.0::x86::::: cpe:2.3:o:sun:solaris:9.0::x86::::: cpe:2.3:o:sun:solaris:9.0::sparc::::: cpe:2.3:o:sun:solaris:8.0::sparc::::: cpe:2.3:o:sun:solaris:8.0::x86:::::	6

OpenVAS Exploits

Date	Description
2009-06-03	Name : Solaris Update for CDE 1.5 113240-13 File : nvt/gb_solaris_113240_13.nasl
2009-06-03	Name : Solaris Update for dtsession 113241-13 File : nvt/gb_solaris_113241_13.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
36608	Solaris Common Desktop Environment (CDE) Session Manager dtsession Local Over...

Nessus® Vulnerability Scanner

Date	Description
2007-07-02	Name : The remote host is missing Sun Security Patch number 125279-05 File : solaris10_125279.nasl - Type : ACT_GATHER_INFO
2007-07-02	Name : The remote host is missing Sun Security Patch number 125280-05 File : solaris10_x86_125280.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109354-26 File : solaris8_109354.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 109355-25 File : solaris8_x86_109355.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 113240-13 File : solaris9_113240.nasl - Type : ACT_GATHER_INFO
2004-07-12	Name : The remote host is missing Sun Security Patch number 113241-13 File : solaris9_x86_113241.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	6
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	6

	Related
7.2	CVE-2007-3471
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

7.2 - SUN-102954

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU