Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 237864 A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code |
| Informations | |||
|---|---|---|---|
| Name | SUN-237864 | First vendor Publication | 2008-05-30 |
| Vendor | Sun | Last vendor Modification | 2010-01-20 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Solaris 8, Solaris 9, Solaris 10 A race condition security vulnerability in the Solaris crontab(1)utility may allow a local unprivileged user to inject arbitrarycron(1M) jobs into another local user's crontab file, leading toexecution of arbitrary code with the privileges of that user. Thiscondition may also be exploited to inject arbitrary entries into theroot user's crontab file under certain circumstances, thereby allowingthe local unprivileged user to execute arbitrary code with theprivileges of the root user. Sun acknowledges with thanks, Charles Morris of Old Dominion Universityfor discovering and reporting this issue. State: Resolved First released: 30-May-2008 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_237864_a_security |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-362 | Race Condition |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:4725 | |||
| Oval ID: | oval:org.mitre.oval:def:4725 | ||
| Title: | Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code | ||
| Description: | Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-2538 | Version: | 1 |
| Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 6 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 45885 | Solaris crontab Race Condition Arbitrary Cron File Manipulation Local Privile... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-03-18 | Name : The remote host is missing Sun Security Patch number 122300-61 File : solaris9_122300.nasl - Type : ACT_GATHER_INFO |
| 2007-03-18 | Name : The remote host is missing Sun Security Patch number 122301-61 File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-02-06 19:08:15 |
|
