Executive Summary

Summary
Title Sun Alert 262088 Security Vulnerability in the Solaris auditconfig(3M) Command May Allow Users With an Associated RBAC Profile to Gain Elevated Privileges
Informations
Name SUN-262088 First vendor Publication 2009-06-25
Vendor Sun Last vendor Modification 2009-06-25
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris auditconfig(1M) command may allow a local user who has been assigned an RBAC execution profile which specifies additional privileges for auditconfig(1M) such as the "Audit Control" profile, to execute arbitrary commands with the privileges specified in the RBAC profile.

State: Resolved
First released: 25-Jun-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-262088-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_262088_security_vulnerability

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 116
Os 6

OpenVAS Exploits

Date Description
2009-10-13 Name : Solaris Update for c2audit and auditconfig 140921-02
File : nvt/gb_solaris_140921_02.nasl
2009-10-13 Name : Solaris Update for c2audit and auditconfig 140922-02
File : nvt/gb_solaris_140922_02.nasl
2009-09-23 Name : Solaris Update for c2audit and auditconfig 140921-01
File : nvt/gb_solaris_140921_01.nasl
2009-09-23 Name : Solaris Update for c2audit and auditconfig 140922-01
File : nvt/gb_solaris_140922_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55330 Solaris auditconfig RBAC Execution Profile Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2007-03-18 Name : The remote host is missing Sun Security Patch number 122300-61
File : solaris9_122300.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122301-61
File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109007-28
File : solaris8_109007.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109008-28
File : solaris8_x86_109008.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:24
  • Multiple Updates