Lucene search

MitreCVE-2009-4211

HistoryDec 04, 2009 - 10:30 p.m.

CVE-2009-4211

2009-12-0422:30:00

CWE-264

mitre

web.nvd.nist.gov

disa

srr

script

solaris

x86

privilege escalation

cve-2009-4211

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

Affected configurations

Nvd

Node

sunsolarisx86

AND

disasrr_for_solaris

VendorProductVersionCPE
sunsolaris*cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*
disasrr_for_solaris*cpe:2.3:a:disa:srr_for_solaris:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	*	cpe:2.3:o:sun:solaris:::x86:::::*
disa	srr_for_solaris	*	cpe:2.3:a:disa:srr_for_solaris::::::::

References

securitytracker.com/id?1023265

www.kb.cert.org/vuls/id/433821

www.securityfocus.com/archive/1/508188/100/0/threaded

www.securityfocus.com/bid/37200

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Related for CVE-2009-4211