ID CVE-2006-4319
Summary Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:8.0:-:sparc
    cpe:2.3:o:sun:solaris:8.0:-:sparc
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:8.0:beta
    cpe:2.3:o:sun:solaris:8.0:beta
  • cpe:2.3:o:sun:solaris:9.0:-:sparc
    cpe:2.3:o:sun:solaris:9.0:-:sparc
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:x86_update_2
    cpe:2.3:o:sun:solaris:9.0:x86_update_2
  • cpe:2.3:o:sun:solaris:10.0:-:64_bit
    cpe:2.3:o:sun:solaris:10.0:-:64_bit
  • cpe:2.3:o:sun:solaris:10.0:-:sparc
    cpe:2.3:o:sun:solaris:10.0:-:sparc
  • cpe:2.3:o:sun:solaris:10.0:-:x86
    cpe:2.3:o:sun:solaris:10.0:-:x86
  • cpe:2.3:o:sun:solaris:10.0:hw2
    cpe:2.3:o:sun:solaris:10.0:hw2
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
  • Sun SunOS (Solaris 9) 5.9
    cpe:2.3:o:sun:sunos:5.9
  • Sun SunOS (Solaris 10) 5.10
    cpe:2.3:o:sun:sunos:5.10
CVSS
Base: 7.2 (as of 24-08-2006 - 14:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_108975.NASL
    description SunOS 5.8: /usr/bin/rmformat and /usr/sbin/format patch. Date this patch was last updated by Sun : Aug/10/06
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 13304
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13304
    title Solaris 8 (sparc) : 108975-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_108976.NASL
    description SunOS 5.8_x86: /usr/bin/rmformat and /usr/sbin/format patch. Date this patch was last updated by Sun : Aug/18/06
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13415
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13415
    title Solaris 8 (x86) : 108976-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113072.NASL
    description SunOS 5.9: patch /usr/sbin/format. Date this patch was last updated by Sun : Jul/21/06
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 22157
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22157
    title Solaris 9 (sparc) : 113072-08
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_118997.NASL
    description SunOS 5.10_x86: format patch. Date this patch was last updated by Sun : Aug/21/06
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 22245
    published 2006-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22245
    title Solaris 10 (x86) : 118997-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114423.NASL
    description SunOS 5.9_x86: format, lp, IKE patch. Date this patch was last updated by Sun : Mar/18/11
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 22248
    published 2006-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22248
    title Solaris 9 (x86) : 114423-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_118833.NASL
    description SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Jan/29/07 This plugin has been deprecated and either replaced with individual 118833 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 21792
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21792
    title Solaris 10 (sparc) : 118833-36 (deprecated)
oval via4
accepted 2007-09-27T08:57:45.469-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
family unix
id oval:org.mitre.oval:def:2164
status accepted
submitted 2007-08-10T12:25:25.000-04:00
title Security Vulnerability Due to Buffer Overflow in The format(1M) Command May Allow Privilege Elevation For Certain RBAC Profiles
version 31
refmap via4
bid 19657
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
sectrack 1016727
secunia
  • 21581
  • 22295
sunalert 102519
vupen ADV-2006-3355
xf solaris-format-rbac-bo(28519)
Last major update 07-03-2011 - 21:40
Published 23-08-2006 - 21:04
Last modified 30-10-2018 - 12:26
Back to Top