ID CVE-2007-4395
Summary Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role. Successful exploitation requires that the attacker knows the password for certain affected roles.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2007-09-27T08:57:42.671-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
description Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
family unix
id oval:org.mitre.oval:def:1941
status accepted
submitted 2007-08-21T07:46:29.000-04:00
title Two Security Vulnerabilities in Solaris 8 Role Based Access Control (rbac(5)) may Allow Unauthorized Remote Access
version 31
refmap via4
bid 25353
osvdb 36614
sectrack 1018582
secunia 26494
sunalert 103029
vupen ADV-2007-2916
xf solaris-rbac-unauthorized-access(36080)
Last major update 30-10-2018 - 16:25
Published 17-08-2007 - 23:17
Back to Top