Executive Summary

Title Sun Alert 264428 Security Vulnerability in Solaris Auditing Related to Extended File Attributes May Allow Local Unprivileged Users to Panic the System
Name SUN-264428 First vendor Publication 2009-07-23
Vendor Sun Last vendor Modification 2009-07-23
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Solaris 9 Solaris 10 OpenSolaris

A security vulnerability in Solaris Auditing when interacting with extended file
attributes (fsattr(5)) may allow a local unprivileged user to be able to panic the
system. The ability to panic a system is a type of Denial of Service (DoS).

State: Resolved
First released: 23-Jul-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_264428_security_vulnerability

CPE : Common Platform Enumeration

Os 222
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
56325 Solaris Auditing Extended File Attributes (fsattr(5)) Handling Local DoS

Sun Solaris contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error in Solaris Auditing occurs, and will result in loss of availability for the system panic.

Nessus® Vulnerability Scanner

Date Description
2007-03-18 Name : The remote host is missing Sun Security Patch number 122300-61
File : solaris9_122300.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote host is missing Sun Security Patch number 122301-61
File : solaris9_x86_122301.nasl - Type : ACT_GATHER_INFO