Lucene search

MitreCVE-2004-1394

HistoryFeb 08, 2005 - 5:00 a.m.

CVE-2004-1394

2005-02-0805:00:00

mitre

web.nvd.nist.gov

cve-2004-1394

sun solaris

pfexec function

local users

custom rights profiles

privileges

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

38.6%

JSON

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

Affected configurations

Nvd

Node

sunsolarisMatch9.0sparc

sunsunosMatch5.8

VendorProductVersionCPE
sunsolaris9.0cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
sunsunos5.8cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	9.0	cpe:2.3:o:sun:solaris:9.0::sparc:::::
sun	sunos	5.8	cpe:2.3:o:sun:sunos:5.8:::::::*

References

secunia.com/advisories/10755/

sunsolve.sun.com/search/document.do?assetkey=1-26-57453-1

www.auscert.org.au/render.html?it=3800

www.osvdb.org/3764

www.securityfocus.com/bid/9534

www.securitytracker.com/id?1008893

exchange.xforce.ibmcloud.com/vulnerabilities/14988

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

38.6%

JSON

Related for CVE-2004-1394