Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1354

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1354
Last Modified 10 Sep 2008 03:29:57
Published 14 May 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1354

Summary

The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inacessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.

Vulnerable Systems

Operating System

  • Sun Solaris 8.0

  • Sun Solaris 9.0


References

XF - smc-dotdot-directory-traversal(16146)

BID - 10349

OSVDB - 6119

AUSCERT - ESB-2004.0347

SUNALERT - 57559

MISC - http://spoofed.org/files/text/solaris-smc-advisory.txt

SECUNIA - 11616

BID - 8873

MLIST - [focus-sun] 20031022 Information disclosure with SMC webserver on Solaris 9


Last Updated: 27 May 2016 10:39:00