ID CVE-2006-4307
Summary Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
CVSS
Base: 7.2 (as of 23-08-2006 - 16:09)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
oval via4
accepted 2007-09-27T08:57:40.578-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
description Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
family unix
id oval:org.mitre.oval:def:1573
status accepted
submitted 2007-08-10T12:25:25.000-04:00
title Security Vulnerability May Allow Users With the "File System Management" RBAC Profile to Gain Elevated Privileges
version 31
refmap via4
bid 19647
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
sectrack 1016726
secunia
  • 21581
  • 22295
sunalert 102514
vupen ADV-2006-3355
Last major update 01-04-2011 - 00:00
Published 23-08-2006 - 15:04
Last modified 30-10-2018 - 12:25
Back to Top