CERTA-2008-AVI-286
Vulnerability from certfr_avis - Published: 2008-06-04 - Updated: 2008-06-04
Une vulnérabilité présente dans Sun Solaris permet localement d'élever ses privilèges et d'exécuter du code arbitraire.
Description
Une vulnérabilité de l'outils crontab permet, sous certaines conditions, de faire exécuter du code arbitraire par le service de planification des taĉhes d'un autre utilisateur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Solaris 9 sans le correctif 122300-27 (SPARC) ou 122301-27 (x86) ; | ||
| N/A | N/A | Solaris 8 sans le correctif 109007-26 (SPARC) ou 109008-26 (x86) ; | ||
| N/A | N/A | Solaris 10 sans le correctif 137017-02 (SPARC) ou 137018-02 (x86) ; | ||
| N/A | N/A | OpenSolaris basé sur une version inférieure à snv_91. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris 9 sans le correctif 122300-27 (SPARC) ou 122301-27 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Solaris 8 sans le correctif 109007-26 (SPARC) ou 109008-26 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Solaris 10 sans le correctif 137017-02 (SPARC) ou 137018-02 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "OpenSolaris bas\u00e9 sur une version inf\u00e9rieure \u00e0 snv_91.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de l\u0027outils crontab permet, sous certaines conditions,\nde faire ex\u00e9cuter du code arbitraire par le service de planification des\nta\u0109hes d\u0027un autre utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-06-04T00:00:00",
"last_revision_date": "2008-06-04T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-286",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Sun Solaris permet localement d\u0027\u00e9lever\nses privil\u00e8ges et d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Sun Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #237864 du 02 juin 2008",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-237864-1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…