Lucene search

MitreCVE-2008-1684

HistoryApr 06, 2008 - 11:44 p.m.

CVE-2008-1684

2008-04-0623:44:00

CWE-362

CWE-59

mitre

web.nvd.nist.gov

sun solaris

inetd

debug logging

local users

symlink attack

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.3

Confidence

High

EPSS

Percentile

13.2%

JSON

inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.

Affected configurations

Nvd

Node

sunsolarisMatch10sparc

sunsolarisMatch10x86

VendorProductVersionCPE
sunsolaris10cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*
sunsolaris10cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	10	cpe:2.3:o:sun:solaris:10::sparc:::::
sun	solaris	10	cpe:2.3:o:sun:solaris:10::x86:::::

References

secunia.com/advisories/29654

securitytracker.com/id?1019781

sunsolve.sun.com/search/document.do?assetkey=1-26-233284-1

www.securityfocus.com/bid/28584

www.vupen.com/english/advisories/2008/1076

exchange.xforce.ibmcloud.com/vulnerabilities/41626

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5369

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

6.3

Confidence

High

EPSS

Percentile

13.2%

JSON

Related for CVE-2008-1684