Executive Summary

Summary
Title : Sun Alert 103162 Solaris 10 Kernel Patches May Allow Privileged Remote Users to Gain Root Access to Files Shared by NFS Servers
Information
Name : SUN-103162
First vendor Publication : 2007-12-13
Vendor : Sun
Last vendor Modification : 2008-01-08
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Product: Solaris 10 Operating System

A security vulnerability exists in Solaris 10 systems that have kernel patches 120011-04 or later (SPARC) or 120012-04 or later (x86) installed, are configured as NFS servers, and grant root user access to remote clients. The vulnerability may allow root users on remote clients that are not authorized to access the shared file systems as root to nevertheless gain root access to files shared by the NFS server.

Avoidance: Patch, Workaround
State: Resolved
First released: 13-Dec-2007

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_103162_solaris_10

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type Description Count
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
40829 Solaris NFS netgroups Bypass NFS Request Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-01-03 IAVM : 2008-T-0002 - Sun Solaris 10 NFS netgroups Remote Security Bypass Vulnerability
Severity : Category I - VMSKEY : V0015601