4 matches found
DISA Security Readiness Review Scripts for Solaris Local Privilege Escalation
The remote host has a copy of the DISA Security Readiness Review SRR Scripts for Solaris that is affected by a local privilege escalation vulnerability. The vulnerability could be leveraged to execute files in arbitrary directories with root privileges, as long as such files are named 'java',...
DISA STIG SRR Still Vulnerable
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After the issue in CVE-2009-4211 was made public, the Unix SRR script was removed from http://iase.disa.mil/stigs/SRR/unix.html with a note saying: ?Due to a recently identified security issue, please do not run any version of the UNIX SRR scripts unt...
UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After the issue in CVE-2009-4211 was made public, the Unix SRR script was removed from http://iase.disa.mil/stigs/SRR/unix.html with a note saying: ?Due to a recently identified security issue, please do not run any version of the UNIX SRR scripts unt...
CVE-2009-4211
CVE-2009-4211 arises from the DISA UNIX Security Readiness Review (SRR) scripts for Solaris x86, where SRR’s find(-exec) logic executes programs in root context if files are named one of: java, openssl, php, snort, tshark, vncserver, or wireshark. This enables a local attacker with filesystem acc...