Vulnerabilities > CVE-2002-0084 - Unspecified vulnerability in SUN Solaris and Sunos
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 4 |
Nessus
NASL family | Gain a shell remotely |
NASL id | CACHEFSD_OVERFLOW.NASL |
description | The cachefsd RPC service is running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A heap-based buffer overflow condition exists in the cfsd_calloc() function that allows an unauthenticated, remote attacker to execute arbitrary code via a long directory and cache name. (CVE-2002-0033 / ESCROWUPGRADE) - A heap-based buffer overflow condition exists in the fscache_setup() function that allows a local attacker to gain root privileges via a long mount argument. (CVE-2002-0084) ESCROWUPGRADE is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers. Note that Nessus has not attempted to exploit these issues but has instead only detected that the service is running. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10951 |
published | 2002-05-08 |
reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/10951 |
title | Solaris cachefsd Multiple Vulnerabilities (ESCROWUPGRADE) |
code |
|
Oval
accepted 2010-09-20T04:00:24.489-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. family unix id oval:org.mitre.oval:def:43 status accepted submitted 2002-10-17T12:00:00.000-04:00 title Solaris 7 cachefsd Buffer Overrun Vulnerability version 38 accepted 2010-09-20T04:00:47.360-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Brian Soby organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. family unix id oval:org.mitre.oval:def:97 status accepted submitted 2002-09-17T12:00:00.000-04:00 title Solaris cachefsd Buffer Overrun Vulnerability version 38
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00416.html
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
- http://www.esecurityonline.com/advisories/eSO4198.asp
- http://www.kb.cert.org/vuls/id/161931
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A43
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A97