Vulnerabilities > CVE-2006-2790 - Local Privilege Escalation vulnerability in SUN Storage Automated Diagnostic Environment 2.4

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sun

NVD

Published: 2006-06-02

Updated: 2017-07-20

Summary

A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. This vulnerability is addressed in the following product release: Sun, Storage Automated Diagnostic Environment, 2.4 (for Solaris 8, 9 and 10) with patch 117654-60 or later.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Storage Automated Diagnostic Environment 2.4	1

References

http://secunia.com/advisories/20445
http://securitytracker.com/id?1016215
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102305-1
http://www.securityfocus.com/bid/18266
http://www.vupen.com/english/advisories/2006/2139
https://exchange.xforce.ibmcloud.com/vulnerabilities/26899