Executive Summary
Summary | |
---|---|
Title | Sun Alert 237864 A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code |
Information | |||
---|---|---|---|
Name | SUN-237864 | First vendor Publication | 2008-05-30 |
Vendor | Sun | Last vendor Modification | 2010-01-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Product: Solaris 8, Solaris 9, Solaris 10. A race condition security vulnerability in the Solaris crontab(1) utility may allow a local unprivileged user to inject arbitrary cron(1M) jobs into another local user's crontab file, leading to execution of arbitrary code with the privileges of that user. This condition may also be exploited to inject arbitrary entries into the root user's crontab file under certain circumstances, thereby allowing the local unprivileged user to execute arbitrary code with the privileges of the root user. Sun acknowledges with thanks, Charles Morris of Old Dominion University for discovering and reporting this issue. State: Resolved. First released: 30-May-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_237864_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4725 | |||
Oval ID: | oval:org.mitre.oval:def:4725 | ||
Title: | Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code | ||
Description: | Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2538 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 6 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45885 | Solaris crontab Race Condition Arbitrary Cron File Manipulation Local Privile... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122300-61 File : solaris9_122300.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 122301-61 File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-02-06 19:08:15 |