Executive Summary

Title Sun Alert 255608 A Security Vulnerability in OpenSolaris may Allow a Privileged User Inside a non-global Zone to Execute Arbitrary Code Within a Global Zone
Name SUN-255608 First vendor Publication 2009-03-26
Vendor Sun Last vendor Modification 2009-03-26
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: OpenSolaris

Local privileged users inside a non-global zone may be able to execute arbitrary code within a global zone if an mdb process within the global zone attaches to a non-global zone process. The code would be executed with the privileges of the user running mdb, which could potentially be root.

State: Resolved
First released: 26-Mar-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_255608_a_security

CPE : Common Platform Enumeration

Os 4

Open Source Vulnerability Database (OSVDB)

Id Description
53580 OpenSolaris Non-global Zone MDB Handling Local Privilege Escalation