SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Sun SPARC Enterprise T5120 and T5220 Default Configuration Permits Remote Root Command Execution
SecurityTracker Alert ID:  1019708
SecurityTracker URL:  http://securitytracker.com/id/1019708
CVE Reference:   CVE-2008-1369   (Links to External Site)
Date:  Mar 26 2008
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10; Sun SPARC Enterprise T5120 and T5220 with datecode prior to BEL07480000
Description:   A vulnerability was reported in Solaris 10 on certain Sun SPARC Enterprise T5120 and T5220 systems. A remote or local user can execute arbitrary commands with root privileges.

The system ships with an insecure configuration that allows local and remote users to execute arbitrary commands with root privileges.

Sun SPARC Enterprise T5120 and T5220 systems with a datecode prior to BEL07480000 are affected.

Impact:   A remote or local user can execute arbitrary commands with root privileges.
Solution:   Sun SPARC Enterprise T5120 and T5220 servers with datecode BEL07480000 and later ship with the correct configuration.

A workaround for prior versions is described in the vendor's advisory.

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1 (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC