ID CVE-2007-6505
Summary Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9:-:sparc
  • cpe:2.3:o:sun:solaris:9:-:x86
CVSS
Base: 3.5 (as of 21-12-2007 - 11:40)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
oval via4
accepted 2008-02-25T04:00:10.579-05:00
class vulnerability
contributors
name Nicholas Hansen
organization Hewlett-Packard
definition_extensions
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
description Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
family unix
id oval:org.mitre.oval:def:5282
status accepted
submitted 2008-01-09T07:41:42.000-05:00
title Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged
version 32
refmap via4
osvdb 44332
sunalert
  • 103172
  • 201310
xf solaris-sshaudit-weak-security(39185)
Last major update 15-11-2008 - 02:04
Published 20-12-2007 - 18:46
Last modified 28-09-2017 - 21:29