Vulnerabilities > CVE-2006-0531 - Local Authentication Bypass vulnerability in SUN Java System Access Manager 7.0

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
sun
nessus

Summary

Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.

Vulnerable Configurations

Part Description Count
Application
Sun
3

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_120954.NASL
    description: AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10. This plugin has been deprecated and either replaced with individual 120954 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 36756
    published: 2009-04-23
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=36756
    title: Solaris 10 (sparc) : 120954-12 (deprecated)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    # Description block: when the script is loaded with `description` set, it
    # only registers the plugin's metadata and exits before any check logic.
    if (description)
    {
      script_id(36756);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      # Patch-level CVE list: the plugin ties the whole 120954-12 patch to eleven
      # CVEs, so a finding from it was never evidence of one specific CVE
      # (CVE-2006-0531 included).
      script_cve_id("CVE-2006-0531", "CVE-2008-2945", "CVE-2008-3529", "CVE-2008-4225", "CVE-2008-4226", "CVE-2009-0170", "CVE-2009-0348", "CVE-2009-2268", "CVE-2009-2712", "CVE-2009-2713", "CVE-2010-4444");
    
      script_name(english:"Solaris 10 (sparc) : 120954-12 (deprecated)");
      script_summary(english:"Check for patch 120954-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "AM 7.0: Sun Java System Access Manager 2005Q4.
    Date this patch was last updated by Sun : Nov/03/10
    
    This plugin has been deprecated and either replaced with individual
    120954 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120954-12"
      );
      # No remediation text is carried by the deprecated plugin.
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      # CVSS v2 base vector with a network attack vector and complete C/I/A impact.
      # NOTE(review): presumably the worst case across the CVE list above, not the
      # score of any single entry; CVE-2006-0531 on its own is a local-vector
      # issue, so do not use this vector to prioritise that CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # Eight CWE ids for one plugin: like the CVE list, this is an aggregate for
      # the patch rather than a classification of one weakness.
      script_cwe_id(20, 79, 119, 189, 200, 255, 264, 399);
    
      # "local" plugin type: the check is declared as a local (credentialed) check,
      # and the CPE names the Solaris OS rather than Access Manager itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # Declared prerequisites: ssh_get_info.nasl as a dependency, plus the two KB
      # keys for enabled local checks and Solaris showrev output.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    # Deprecated body: the script exits unconditionally with an audit message, so
    # no patch comparison ever runs and this plugin id can never report a missing
    # patch. Coverage for patch 120954 has to come from the patch-revision plugins
    # the message points to.
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120954 instead.");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_120955-12.NASL
    description: AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107871
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107871
    title: Solaris 10 (x86) : 120955-12
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_120954.NASL
    description: AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37533
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37533
    title: Solaris 9 (sparc) : 120954-12
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_120954-12.NASL
    description: AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107369
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107369
    title: Solaris 10 (sparc) : 120954-12
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_X86_120955.NASL
    description: AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38005
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/38005
    title: Solaris 9 (x86) : 120955-12
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_120954.NASL
    description: AM 7.0: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37271
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37271
    title: Solaris 8 (sparc) : 120954-12
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_120955.NASL
    description: AM 7.0_x86: Sun Java System Access Manager 2005Q4. Date this patch was last updated by Sun : Nov/03/10. This plugin has been deprecated and either replaced with individual 120955 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 38126
    published: 2009-04-23
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=38126
    title: Solaris 10 (x86) : 120955-12 (deprecated)

Oval

  • accepted: 2007-03-21T16:17:17.664-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Nabil Ouchn
      organization: Security-Database
    description: Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
    family: unix
    id: oval:org.mitre.oval:def:360
    status: accepted
    submitted: 2006-09-22T05:52:00.000-04:00
    title: Sun Java System Access Manager Local Authentication Bypass Vulnerability
    version: 37
  • accepted: 2007-03-21T16:17:26.994-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Nabil Ouchn
      organization: Security-Database
    description: Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
    family: unix
    id: oval:org.mitre.oval:def:755
    status: accepted
    submitted: 2006-09-22T05:52:00.000-04:00
    title: Sun Java System Access Manager Local Authentication Bypass Vulnerability
    version: 37