ID CVE-2007-3094
Summary Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:8.0:-:x86
    cpe:2.3:o:sun:solaris:8.0:-:x86
  • cpe:2.3:o:sun:solaris:9.0:-:x86
    cpe:2.3:o:sun:solaris:9.0:-:x86
  • cpe:2.3:o:sun:solaris:10.0:-:x86
    cpe:2.3:o:sun:solaris:10.0:-:x86
  • Sun SunOS (Solaris 8) 5.8
    cpe:2.3:o:sun:sunos:5.8
  • Sun SunOS (Solaris 9) 5.9
    cpe:2.3:o:sun:sunos:5.9
  • Sun SunOS (Solaris 10) 5.10
    cpe:2.3:o:sun:sunos:5.10
CVSS
Base: 9.0 (as of 07-06-2007 - 21:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114193.NASL
    description SunOS 5.9_x86: wbem Patch. Date this patch was last updated by Sun : Aug/01/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 16091
    published 2005-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16091
    title Solaris 9 (x86) : 114193-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_112945.NASL
    description SunOS 5.9: wbem Patch. Date this patch was last updated by Sun : Aug/01/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 16089
    published 2005-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16089
    title Solaris 9 (sparc) : 112945-46
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121309.NASL
    description SunOS 5.10_x86: Solaris Management Console. Date this patch was last updated by Sun : Apr/02/10 This plugin has been deprecated and either replaced with individual 121309 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 20276
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20276
    title Solaris 10 (x86) : 121309-20 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121308.NASL
    description SunOS 5.10: Solaris Management Console Pat. Date this patch was last updated by Sun : Apr/02/10 This plugin has been deprecated and either replaced with individual 121308 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 20273
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20273
    title Solaris 10 (sparc) : 121308-20 (deprecated)
oval via4
accepted 2007-07-11T15:17:31.878-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
description Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
family unix
id oval:org.mitre.oval:def:1341
status accepted
submitted 2007-06-08T14:30:00.000-04:00
title Security Vulnerability in the Authentication Mechanism for Solaris Management Console (SMC) May Lead to Escalation of Privileges
version 31
refmap via4
bid 24326
osvdb 36591
sectrack 1018205
sunalert 102902
vupen ADV-2007-2076
xf solaris-smc-authentication-priv-escalation(34735)
Last major update 30-10-2012 - 22:37
Published 06-06-2007 - 17:30
Last modified 30-10-2018 - 12:25
Back to Top