Lucene search

[email protected]NVD:CVE-2009-4211

HistoryDec 04, 2009 - 10:30 p.m.

CVE-2009-4211

2009-12-0422:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

Affected configurations

Nvd

Node

sunsolarisx86

AND

disasrr_for_solaris

VendorProductVersionCPE
sunsolaris*cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*
disasrr_for_solaris*cpe:2.3:a:disa:srr_for_solaris:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	solaris	*	cpe:2.3:o:sun:solaris:::x86:::::*
disa	srr_for_solaris	*	cpe:2.3:a:disa:srr_for_solaris::::::::

References

securitytracker.com/id?1023265

www.kb.cert.org/vuls/id/433821

www.securityfocus.com/archive/1/508188/100/0/threaded

www.securityfocus.com/bid/37200

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Related for NVD:CVE-2009-4211

securityvulns1 cert1 cve1 prion1 nessus1 packetstorm1 cvelist1