Vulnerabilities > CVE-2004-1394 - Unspecified vulnerability in SUN Solaris and Sunos
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
References
- http://secunia.com/advisories/10755/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57453-1
- http://www.auscert.org.au/render.html?it=3800
- http://www.osvdb.org/3764
- http://www.securityfocus.com/bid/9534
- http://www.securitytracker.com/id?1008893
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14988