Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2013/09/17 12:0 a.m.41 views

DISA Security Readiness Review Scripts for Solaris Local Privilege Escalation

The remote host has a copy of the DISA Security Readiness Review SRR Scripts for Solaris that is affected by a local privilege escalation vulnerability. The vulnerability could be leveraged to execute files in arbitrary directories with root privileges, as long as such files are named 'java',...

9.3CVSS5.7AI score0.01691EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2009/12/10 12:0 a.m.36 views

DISA STIG SRR Still Vulnerable

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After the issue in CVE-2009-4211 was made public, the Unix SRR script was removed from http://iase.disa.mil/stigs/SRR/unix.html with a note saying: ?Due to a recently identified security issue, please do not run any version of the UNIX SRR scripts unt...

9.3CVSS0.1AI score0.01691EPSS
Exploits1
securityvulns
securityvulns
added 2009/12/09 12:0 a.m.56 views

UPDATE: DISA Unix SRR root compromise / CVE-2009-4211 / VU#433821

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After the issue in CVE-2009-4211 was made public, the Unix SRR script was removed from http://iase.disa.mil/stigs/SRR/unix.html with a note saying: ?Due to a recently identified security issue, please do not run any version of the UNIX SRR scripts unt...

9.3CVSS6.4AI score0.01691EPSS
Exploits1
CVE
CVE
added 2009/12/04 10:0 p.m.56 views

CVE-2009-4211

CVE-2009-4211 arises from the DISA UNIX Security Readiness Review (SRR) scripts for Solaris x86, where SRR’s find(-exec) logic executes programs in root context if files are named one of: java, openssl, php, snort, tshark, vncserver, or wireshark. This enables a local attacker with filesystem acc...

9.3CVSS6.5AI score0.01691EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder