Vulnerabilities > CVE-2002-1871 - Unspecified vulnerability in SUN Solaris and Sunos

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sun

NVD

Published: 2002-12-31

Updated: 2018-10-30

Summary

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris 2.6 SUN Sunos 5.5.1 SUN Sunos 5.7 SUN Sunos 5.8	4

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-45693-1
http://www.iss.net/security_center/static/9544.php
http://www.securityfocus.com/bid/5208