Vulnerabilities > CVE-2006-4439 - Unspecified vulnerability in SUN Solaris 10.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sun
nessus
Summary
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255.NASL description SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119255 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22302 published 2006-09-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22302 title Solaris 10 (x86) : 119255-93 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22302); script_version("1.95"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2006-4439", "CVE-2011-0412"); script_name(english:"Solaris 10 (x86) : 119255-93 (deprecated)"); script_summary(english:"Check for patch 119255-93"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119255 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119255-93" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119255 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_119254-91.NASL description SunOS 5.10: Install and Patch Utilities Pa. Date this patch was last updated by Sun : Feb/23/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107315 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107315 title Solaris 10 (sparc) : 119254-91 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255-92.NASL description SunOS 5.10_x86: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Jun/11/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107819 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107819 title Solaris 10 (x86) : 119255-92 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119255-91.NASL description SunOS 5.10_x86: Install and Patch Utilitie. Date this patch was last updated by Sun : Feb/23/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107818 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107818 title Solaris 10 (x86) : 119255-91 NASL family Solaris Local Security Checks NASL id SOLARIS10_119254.NASL description SunOS 5.10: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Mar/29/16 This plugin has been deprecated and either replaced with individual 119254 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22244 published 2006-08-21 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22244 title Solaris 10 (sparc) : 119254-93 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_119254-92.NASL description SunOS 5.10: Install and Patch Utilities Patch. Date this patch was last updated by Sun : Jun/11/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107316 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107316 title Solaris 10 (sparc) : 119254-92
Oval
| accepted | 2007-09-27T08:57:42.976-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:2010 | ||||||||
| status | accepted | ||||||||
| submitted | 2007-08-10T12:25:25.000-04:00 | ||||||||
| title | pkgadd(1M) May Set Incorrect Permissions if The pkgmap(4) File Contains a "?" in The "Mode" Field | ||||||||
| version | 36 |
References
- http://secunia.com/advisories/21633
- http://secunia.com/advisories/21633
- http://secunia.com/advisories/22992
- http://secunia.com/advisories/22992
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102513-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102513-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
- http://www.osvdb.org/28203
- http://www.osvdb.org/28203
- http://www.securityfocus.com/bid/19730
- http://www.securityfocus.com/bid/19730
- http://www.vupen.com/english/advisories/2006/3397
- http://www.vupen.com/english/advisories/2006/3397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2010