Lucene search

MitreCVE-2002-1296

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1296

2004-09-0104:00:00

mitre

web.nvd.nist.gov

solaris

priocntl

directory traversal

vulnerability

kernel module

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via “…” sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

Affected configurations

Nvd

Node

sunsolarisMatch2.6

sunsolarisMatch7.0x86

sunsolarisMatch8.0x86

sunsolarisMatch9.0sparc

sunsunosMatch5.5.1

sunsunosMatch5.7

sunsunosMatch5.8

VendorProductVersionCPE
sunsolaris2.6cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
sunsolaris7.0cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
sunsolaris8.0cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
sunsolaris9.0cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
sunsunos5.5.1cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
sunsunos5.7cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
sunsunos5.8cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	2.6	cpe:2.3:o:sun:solaris:2.6:::::::*
sun	solaris	7.0	cpe:2.3:o:sun:solaris:7.0::x86:::::
sun	solaris	8.0	cpe:2.3:o:sun:solaris:8.0::x86:::::
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::sparc:::::
sun	sunos	5.5.1	cpe:2.3:o:sun:sunos:5.5.1:::::::*
sun	sunos	5.7	cpe:2.3:o:sun:sunos:5.7:::::::*
sun	sunos	5.8	cpe:2.3:o:sun:sunos:5.8:::::::*

References

marc.info/?l=bugtraq&m=103842619803173&w=2

sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131

www.iss.net/security_center/static/10717.php

www.kb.cert.org/vuls/id/683673

www.securityfocus.com/bid/6262

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

25.7%

JSON

Related for CVE-2002-1296