Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1394

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-1394
Last Modified 10 Sep 2008 03:30:08
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1394

Summary

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

Vulnerable Systems

Operating System

  • Sun Solaris 8.0

  • Sun Solaris 9.0


References

SUNALERT - 57453

SECUNIA - 10755

XF - solaris-pfexec-gain-privileges(14988)

OSVDB - 3764

AUSCERT - ESB-2004.0079

SECTRACK - 1008893

BID - 9534


Last Updated: 27 May 2016 10:39:01