ID CVE-2003-0722
Summary The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
    cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-09-20T04:00:10.757-04:00
class vulnerability
contributors
  • name Brian Soby
    organization The MITRE Corporation
  • name Brian Soby
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Todd Dolinsky
    organization Opsware, Inc.
  • name Todd Dolinsky
    organization Opsware, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
description The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
family unix
id oval:org.mitre.oval:def:1273
status accepted
submitted 2004-10-15T02:06:00.000-04:00
title Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability
version 35
refmap via4
bid 8615
bugtraq 20030918 Solaris SADMIND Exploitation
cert-vn VU#41870
ciac N-148
misc http://www.idefense.com/advisory/09.16.03.txt
secunia 9742
sunalert 56740
vulnwatch 20030918 Solaris SADMIND Exploitation
saint via4
bid 8615
description sadmind AUTH_SYS authentication vulnerability
id rpc_sadmindauth
osvdb 4585
title sadmind_auth_sys
type remote
Last major update 11-10-2017 - 01:29
Published 22-09-2003 - 04:00
Back to Top