Vulnerabilities > CVE-2007-0503 - Local Arbitrary Command Execution vulnerability in Kodak Color Management System Utilities
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_114636.NASL description SunOS 5.9: KCMS patch. Date this patch was last updated by Sun : Aug/21/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13558 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13558 title Solaris 9 (sparc) : 114636-05 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13558); script_version("1.26"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2007-0503"); script_name(english:"Solaris 9 (sparc) : 114636-05"); script_summary(english:"Check for patch 114636-05"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114636-05" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: KCMS patch. Date this patch was last updated by Sun : Aug/21/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/114636-05" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114636-05", obsoleted_by:"", package:"SUNWkcspg", version:"1.2,REV=2002.02.04") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114636-05", obsoleted_by:"", package:"SUNWkcsrt", version:"1.2,REV=2002.02.04") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114636-05", obsoleted_by:"", package:"SUNWkcspx", version:"1.2,REV=2002.02.04") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114636-05", obsoleted_by:"", package:"SUNWkcsrx", version:"1.2,REV=2002.02.04") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_111401.NASL description SunOS 5.8_x86: kcms_server and kcms_configure patch. Date this patch was last updated by Sun : Jan/17/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13475 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13475 title Solaris 8 (x86) : 111401-04 NASL family Solaris Local Security Checks NASL id SOLARIS8_111400.NASL description SunOS 5.8: kcms_server and kcms_configure patch. Date this patch was last updated by Sun : Jan/17/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13372 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13372 title Solaris 8 (sparc) : 111400-04 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114637.NASL description SunOS 5.9_x86: KCMS security fixes. Date this patch was last updated by Sun : Aug/21/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13608 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13608 title Solaris 9 (x86) : 114637-05
Oval
| accepted | 2007-09-27T08:57:40.285-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | ||||||||||||||||
| family | unix | ||||||||||||||||
| id | oval:org.mitre.oval:def:1495 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2007-08-10T12:25:20.000-04:00 | ||||||||||||||||
| title | Security Vulnerability in the kcms_calibrate(1) Command | ||||||||||||||||
| version | 36 |
References
- http://osvdb.org/31598
- http://secunia.com/advisories/23885
- http://securitytracker.com/id?1017541
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102728-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-040.htm
- http://www.securityfocus.com/bid/22175
- http://www.vupen.com/english/advisories/2007/0287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1495