CVE-2011-0902 - Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Fir

CVE-2011-0902

Summary

Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

References

Vulnerable Configurations

cpe:2.3:h:oracle:sun_microsystems_sunscreen_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:oracle:sun_microsystems_sunscreen_firewall:*:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	45963
exploit-db	16041
xf	sunscreen-ldlibrarypath-privilege-escalation(64887)

Last major update

17-08-2017 - 01:33

Published

07-02-2011 - 21:00

Last modified

17-08-2017 - 01:33