Executive Summary

Summary
Title: Sun Alert 249966 Security Vulnerability in the Solaris "autofs" Kernel Module may Allow a Local Unprivileged User to Execute Arbitrary Code
Information
Name: SUN-249966
First vendor Publication: 2009-01-26
Vendor: Sun
Last vendor Modification: 2009-02-02
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 6.9
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 3.4
Authentication: None Required

Detail

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

A security vulnerability in the Solaris "autofs" kernel module may allow a local unprivileged user to cause "autofs" mounts to break, which is a type of Denial of Service (DoS). In rare occurrences, this may allow an unprivileged user to execute code as a root user.

State: Resolved
First released: 26-Jan-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_249966_security_vulnerability

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5977
 
Oval ID: oval:org.mitre.oval:def:5977
Title: Security Vulnerability in the Solaris "autofs" Kernel Module may Allow a Local Unprivileged User to Execute Arbitrary Code
Description: Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0319
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 342
Os 6

OpenVAS Exploits

Date Description
2009-06-03 Name : Solaris Update for autofs 116053-03
File : nvt/gb_solaris_116053_03.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52554 Solaris autofs Kernel Module Unspecified Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2008-01-04 Name : The remote host is missing Sun Security Patch number 128625-11
File : solaris8_x86_128625.nasl - Type : ACT_GATHER_INFO
2008-01-02 Name : The remote host is missing Sun Security Patch number 128624-11
File : solaris8_128624.nasl - Type : ACT_GATHER_INFO