Executive Summary
Summary | |
---|---|
Title | Sun Alert 103162 Solaris 10 Kernel Patches May Allow Privileged Remote Users to Gain Root Access to Files Shared by NFS Servers |
Informations | |||
---|---|---|---|
Name | SUN-103162 | First vendor Publication | 2007-12-13 |
Vendor | Sun | Last vendor Modification | 2008-01-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10 Operating System A security vulnerability exists for Solaris 10 systems with kernel patches 120011-04 or later (SPARC) and 120012-04 or later (x86) which are configured as NFS servers and grant root user access to remote clients. This vulnerability may allow root users on remote clients which are not authorized to access the shared file systems as root to also have root access to files shared by the NFS server. Avoidance: Patch, Workaround State: Resolved First released: 13-Dec-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_103162_solaris_10 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40829 | Solaris NFS netgroups Bypass NFS Request Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-01-03 | IAVM : 2008-T-0002 - Sun Solaris 10 NFS netgroups Remote Security Bypass Vulnerability Severity : Category I - VMSKEY : V0015601 |