Executive Summary
Summary | |
---|---|
Title | Sun Alert 248646 Insecure Temporary File Usage Vulnerability in Sun SNMP Management Agent |
Informations | |||
---|---|---|---|
Name | SUN-248646 | First vendor Publication | 2008-12-24 |
Vendor | Sun | Last vendor Modification | 2008-12-24 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun SNMP Management Agent An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges. Sun Acknowledges with thanks Matthew Flanagan of Singtel Optus Pty Ltd for for bringing this issue to our attention. State: Resolved First released: 24-Dec-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_248646_insecure_temporary |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50987 | Sun SNMP Management Agent Unspecified Temporary File Symlink Arbitrary File O... Sun SNMP Management Agent contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the agent creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. |
Alert History
Date | Informations |
---|---|
2013-02-06 19:08:23 |
|