Lucene search

MitreCVE-2004-1942

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1942

2005-05-1004:00:00

mitre

web.nvd.nist.gov

solaris 9

nis

ypserv

ypxfrd

patches

unauthorized access

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

68.4%

JSON

The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.

Affected configurations

Nvd

Node

sunpatch_managerMatch113579-02

sunpatch_managerMatch113579-03

sunpatch_managerMatch113579-04

sunpatch_managerMatch113579-05

sunpatch_managerMatch114342-02

sunpatch_managerMatch114342-03

sunpatch_managerMatch114342-04

sunpatch_managerMatch114342-05

VendorProductVersionCPE
sunpatch_manager113579-02cpe:2.3:a:sun:patch_manager:113579-02:*:*:*:*:*:*:*
sunpatch_manager113579-03cpe:2.3:a:sun:patch_manager:113579-03:*:*:*:*:*:*:*
sunpatch_manager113579-04cpe:2.3:a:sun:patch_manager:113579-04:*:*:*:*:*:*:*
sunpatch_manager113579-05cpe:2.3:a:sun:patch_manager:113579-05:*:*:*:*:*:*:*
sunpatch_manager114342-02cpe:2.3:a:sun:patch_manager:114342-02:*:*:*:*:*:*:*
sunpatch_manager114342-03cpe:2.3:a:sun:patch_manager:114342-03:*:*:*:*:*:*:*
sunpatch_manager114342-04cpe:2.3:a:sun:patch_manager:114342-04:*:*:*:*:*:*:*
sunpatch_manager114342-05cpe:2.3:a:sun:patch_manager:114342-05:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	patch_manager	113579-02	cpe:2.3:a:sun:patch_manager:113579-02:::::::*
sun	patch_manager	113579-03	cpe:2.3:a:sun:patch_manager:113579-03:::::::*
sun	patch_manager	113579-04	cpe:2.3:a:sun:patch_manager:113579-04:::::::*
sun	patch_manager	113579-05	cpe:2.3:a:sun:patch_manager:113579-05:::::::*
sun	patch_manager	114342-02	cpe:2.3:a:sun:patch_manager:114342-02:::::::*
sun	patch_manager	114342-03	cpe:2.3:a:sun:patch_manager:114342-03:::::::*
sun	patch_manager	114342-04	cpe:2.3:a:sun:patch_manager:114342-04:::::::*
sun	patch_manager	114342-05	cpe:2.3:a:sun:patch_manager:114342-05:::::::*

References

marc.info/?l=bugtraq&m=108241638500417&w=2

sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1

www.ciac.org/ciac/bulletins/o-144.shtml

www.securityfocus.com/bid/10261

exchange.xforce.ibmcloud.com/vulnerabilities/15908

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

68.4%

JSON

Related for CVE-2004-1942