Executive Summary

Summary
Title: Sun Alert 103172 Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged
Information
Name: SUN-103172
First vendor publication: 2007-12-18
Vendor: Sun
Last vendor modification: 2007-12-18
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS base score: 3.5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Medium
CVSS exploit score: 6.8
Authentication: Requires single instance

Detail

Product: Solaris 9 Operating System

Solaris 9 systems with Solaris Auditing (see bsmconv(1M)) enabled and with the sshd(1M) patches installed as listed in section 2 below will contain audit records with an incorrect audit-ID. In addition, incomplete audit classes may be selected for users logging in via ssh(1).

Avoidance: Patch
State: Resolved
First released: 18-Dec-2007

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_103172_solaris_9

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:5282
Title: Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged
Description: Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6505
Version: 1
Platform(s): Sun Solaris 9
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
44332 Solaris Auditing Spoofed audit-ID Audit Record Logging Weakness

Nessus® Vulnerability Scanner

Date Description
2007-03-18 Name : The remote host is missing Sun Security Patch number 122300-61
File : solaris9_122300.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122301-61
File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2016-06-28 20:10:33 Multiple Updates