Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability

TITLE: Sun Solaris Management Console Logging Mechanism Remote Privilege Escalation Vulnerability
CLASS: Unknown
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 05 2007 12:00AM
CREDIT: Adam Gowdiak is credited with the discovery of this issue.
VULNERABLE:

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8
Sun Solaris 10_x86
Sun Solaris 10

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

Sun Solaris Management Console is prone to a remote privilege-escalation vulnerability.

Attackers can exploit this issue to gain superuser privileges. Successful attacks will result in the complete compromise of affected computers.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
The vendor has released an advisory and patches to address this issue. Please see the references for more information.


Sun Solaris 9_x86

• Sun 114193-35
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=114193-35&method=hs

Sun Solaris 8_x86

• Sun 111314-06
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=111314-06&method=hs

Sun Solaris 10

• Sun 121308-04
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=121308-04&method=hs

Sun Solaris 8

• Sun 111313-06
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=111313-06&method=hs

Sun Solaris 9

• Sun 112945-45
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=112945-45&method=hs

Sun Solaris 10_x86

• Sun 121309-04
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=121309-04&method=hs

References

References:

• Sun Solaris Homepage (Sun Microsystems)
  
• 102903 Security Vulnerability in the Logging Mechanism for Solaris Management C (Sun)
  

PhpLog