CERTA-2008-AVI-286
Vulnerability from certfr_avis
Une vulnérabilité présente dans Sun Solaris permet localement d'élever ses privilèges et d'exécuter du code arbitraire.
Description
Une vulnérabilité de l'outils crontab permet, sous certaines conditions, de faire exécuter du code arbitraire par le service de planification des taĉhes d'un autre utilisateur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Solaris 9 sans le correctif 122300-27 (SPARC) ou 122301-27 (x86) ; | ||
| N/A | N/A | Solaris 8 sans le correctif 109007-26 (SPARC) ou 109008-26 (x86) ; | ||
| N/A | N/A | Solaris 10 sans le correctif 137017-02 (SPARC) ou 137018-02 (x86) ; | ||
| N/A | N/A | OpenSolaris basé sur une version inférieure à snv_91. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris 9 sans le correctif 122300-27 (SPARC) ou 122301-27 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Solaris 8 sans le correctif 109007-26 (SPARC) ou 109008-26 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Solaris 10 sans le correctif 137017-02 (SPARC) ou 137018-02 (x86) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "OpenSolaris bas\u00e9 sur une version inf\u00e9rieure \u00e0 snv_91.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de l\u0027outils crontab permet, sous certaines conditions,\nde faire ex\u00e9cuter du code arbitraire par le service de planification des\nta\u0109hes d\u0027un autre utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-06-04T00:00:00",
"last_revision_date": "2008-06-04T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-286",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Sun Solaris permet localement d\u0027\u00e9lever\nses privil\u00e8ges et d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Sun Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #237864 du 02 juin 2008",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-237864-1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…