ID CVE-2007-6505
Summary Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:9:*:x86:*:*:*:*:*
CVSS
Base: 3.5 (as of 29-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:N/A:N
oval via4
accepted 2008-02-25T04:00:10.579-05:00
class vulnerability
contributors
name Nicholas Hansen
organization Hewlett-Packard
definition_extensions
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
description Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
family unix
id oval:org.mitre.oval:def:5282
status accepted
submitted 2008-01-09T07:41:42.000-05:00
title Solaris 9 sshd(1M) Patches May Cause Incorrect Audit Data to be Logged
version 32
refmap via4
osvdb 44332
sunalert
  • 103172
  • 201310
xf solaris-sshaudit-weak-security(39185)
Last major update 29-09-2017 - 01:29
Published 20-12-2007 - 23:46
Back to Top