Vulnerabilities > CVE-2007-0470 - Local Privilege Escalation vulnerability in Sun Solaris Tip
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_124997.NASL description SunOS 5.10: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 This plugin has been deprecated and either replaced with individual 124997 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24379 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24379 title Solaris 10 (sparc) : 124997-01 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(24379); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 10 (sparc) : 124997-01 (deprecated)"); script_summary(english:"Check for patch 124997-01"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 This plugin has been deprecated and either replaced with individual 124997 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124997 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_124998.NASL description SunOS 5.10_x86: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 This plugin has been deprecated and either replaced with individual 124998 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 24391 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24391 title Solaris 10 (x86) : 124998-01 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(24391); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 10 (x86) : 124998-01 (deprecated)"); script_summary(english:"Check for patch 124998-01"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 This plugin has been deprecated and either replaced with individual 124998 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124998 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_124998-01.NASL description SunOS 5.10_x86: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107915 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107915 title Solaris 10 (x86) : 124998-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107915); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 10 (x86) : 124998-01"); script_summary(english:"Check for patch 124998-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 124998-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 124998-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124998"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124998-01", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsu"); }NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_111505.NASL description SunOS 5.8_x86: tip patch. Date this patch was last updated by Sun : Jan/12/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13476 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13476 title Solaris 8 (x86) : 111505-02 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13476); script_version("1.23"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 8 (x86) : 111505-02"); script_summary(english:"Check for patch 111505-02"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 111505-02" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: tip patch. Date this patch was last updated by Sun : Jan/12/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"111505-02", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_124997-01.NASL description SunOS 5.10: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107412 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107412 title Solaris 10 (sparc) : 124997-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107412); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 10 (sparc) : 124997-01"); script_summary(english:"Check for patch 124997-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 124997-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: /usr/bin/tip patch. Date this patch was last updated by Sun : Jan/18/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 124997-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124997"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124997-01", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsu"); }NASL family Solaris Local Security Checks NASL id SOLARIS9_123368.NASL description SunOS 5.9: tip patch. Date this patch was last updated by Sun : Jan/12/07 last seen 2020-06-01 modified 2020-06-02 plugin id 24220 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24220 title Solaris 9 (sparc) : 123368-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(24220); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 9 (sparc) : 123368-01"); script_summary(english:"Check for patch 123368-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 123368-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: tip patch. Date this patch was last updated by Sun : Jan/12/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"123368-01", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_123369.NASL description SunOS 5.9_x86: tip patch. Date this patch was last updated by Sun : Jan/12/07 last seen 2020-06-01 modified 2020-06-02 plugin id 24222 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24222 title Solaris 9 (x86) : 123369-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(24222); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-0470"); script_name(english:"Solaris 9 (x86) : 123369-01"); script_summary(english:"Check for patch 123369-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 123369-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: tip patch. Date this patch was last updated by Sun : Jan/12/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000335.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"123369-01", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_111504.NASL description SunOS 5.8: tip patch. Date this patch was last updated by Sun : Jan/12/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13373 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13373 title Solaris 8 (sparc) : 111504-02
Oval
| accepted | 2007-09-27T08:57:43.199-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:2038 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-08-10T12:25:20.000-04:00 | ||||||||||||||||||||||||
| title | Security Vulnerabilities in the tip(1) Command May Allow Execution of Arbitrary Code With Elevated Privileges | ||||||||||||||||||||||||
| version | 35 |
References
- http://osvdb.org/31616
- http://secunia.com/advisories/23821
- http://securitytracker.com/id?1017546
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102773-1
- http://www.securityfocus.com/bid/22190
- http://www.vupen.com/english/advisories/2007/0317
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31669
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2038