ID CVE-2007-5225
Summary Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:N/A:N
oval via4
accepted 2007-11-13T12:01:06.734-05:00
class vulnerability
contributors
name Nicholas Hansen
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
family unix
id oval:org.mitre.oval:def:2170
status accepted
submitted 2007-10-10T07:52:08.000-04:00
title Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data Access
version 31
refmap via4
bid 25905
bugtraq 20071004 Re: iDefense Security Advisory 10.02.07: Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-463.htm
exploit-db
  • 4516
  • 5227
idefense 20071002 Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability
sectrack 1018766
secunia
  • 27024
  • 27654
sunalert 103061
vupen ADV-2007-3339
xf solaris-namedpipes-information-disclosure(36918)
Last major update 30-10-2018 - 16:25
Published 05-10-2007 - 00:17
Back to Top