Executive Summary

Title Sun Alert 103165 A Security Vulnerability in libdevinfo(3LIB) May Allow Unauthorized Access to Files on the System
Name SUN-103165 First vendor Publication 2008-01-11
Vendor Sun Last vendor Modification 2008-01-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Solaris 10 Operating System

A security vulnerability in the libdevinfo(3LIB) library, which is used by the login(1) command, may allow a local unprivileged user to gain unauthorized access to files on the system, possibly including system files. This vulnerability could therefore be used to gain elevated privileges on the system.

Avoidance: Patch, Workaround
State: Resolved
First released: 11-Jan-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_103165_a_security

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5211
Oval ID: oval:org.mitre.oval:def:5211
Title: A Security Vulnerability in libdevinfo(3LIB) May Allow Unauthorized Access to Files on the System
Description: Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0242
Version: 1
Platform(s): Sun Solaris 10
Definition Synopsis:

CPE : Common Platform Enumeration

Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
40830 Solaris libdevinfo(3LIB) Login Device Permission Unspecified Local Privilege ...