Executive Summary

Summary
Title Sun Alert 240866 Security Vulnerability in Solaris 10 NFS Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or Data Integrity Issues for Non-Global Zones
Informations
Name SUN-240866 First vendor Publication 2008-08-25
Vendor Sun Last vendor Modification 2008-08-25
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation may allow a local user with administrative privileges in a non-global zone to intercept and corrupt NFS traffic destined for other non-global zones on the system.?? This may result in a Denial of Service (DoS) to the NFS services in the affected non-global zones.

Sun acknowledges with thanks, Hewitt Associates for reporting this issues.

State: Resolved
First released: 25-Aug-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-240866-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_240866_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 264
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
47826 Solaris NFS RPC Zones Arbitrary Non-local Zone Local NFS Traffic Manipulation

Solaris contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation allows an attacker to intercept and corrupt NFS traffic occurs, and will result in loss of availability for the service.

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:18
  • Multiple Updates