Vulnerabilities > CVE-2007-0895 - Local Security vulnerability in Solaris

047910
CVSS 2.6 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
high complexity
sun
nessus

Summary

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.

Vulnerable Configurations

Part Description Count
OS
Sun
3

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_X86_124970.NASL
    description: SunOS 5.8_x86: rm patch. Date this patch was last updated by Sun : Feb/06/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24402
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24402
    title: Solaris 8 (x86) : 124970-01
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; nothing below the closing brace runs in this pass.
    if (description)
    {
      script_id(24402);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:24");
    
      # Ties any finding from this plugin to the rm -r / -R race condition.
      script_cve_id("CVE-2007-0895");
    
      script_name(english:"Solaris 8 (x86) : 124970-01");
      script_summary(english:"Check for patch 124970-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124970-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8_x86: rm patch.
    Date this patch was last updated by Sun : Feb/06/07"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://download.oracle.com/sunalerts/1000334.1.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      # CVSS v2 base vector: local access, high complexity, no authentication,
      # no confidentiality impact, partial integrity and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # NOTE(review): the CPE carries no version although the script name
      # targets Solaris 8 (x86) only.
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # The check depends on two knowledge-base keys, presumably populated by
      # ssh_get_info.nasl from an authenticated login (confirm against that
      # script). On a scan without working credentials this plugin has nothing
      # to evaluate, so the absence of this finding is not evidence that the
      # patch is installed.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
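    # Local checks need data collected from the host itself; stop with an audit
    # message rather than report on a host whose patch state was never gathered.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Number of package checks that reported the patch as missing. Initialised
    # explicitly instead of relying on `flag++` against an unset variable.
    flag = 0;
    
    # Patch 124970-01 is evaluated once per package it applies to (SUNWcsu and
    # SUNWxcu4) on release 5.8_x86 / i386. A negative return from
    # solaris_check_patch() is treated as "patch missing".
    # NOTE(review): this is a patch-inventory comparison, not a test of how rm
    # behaves on the host; the result is only as accurate as the collected
    # patch and package data (presumably the Host/Solaris/showrev key - confirm
    # in solaris.inc).
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"124970-01", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"124970-01", obsoleted_by:"", package:"SUNWxcu4", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    
    if (flag)
    {
      # Reported at "note" level on port 0; the detailed report text from
      # solaris_get_report() is attached only when report verbosity is above 0.
      if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report());
      else security_note(0);
      exit(0);
    }
    # Neither package check reported the patch as missing.
    audit(AUDIT_HOST_NOT, "affected");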
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_124244.NASL
    description: SunOS 5.10: /usr/bin/rm patch. Date this patch was last updated by Sun : Jun/20/07
    last seen: 2018-09-01
    modified: 2018-08-13
    plugin id: 24375
    published: 2007-02-18
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=24375
    title: Solaris 10 (sparc) : 124244-02
    code:
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    # Exit quietly when the engine does not provide the bn_random() builtin;
    # presumably a gate against older engine versions - confirm.
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    # Registration pass: declares metadata only, then exits.
    # NOTE(review): the metadata still advertises CVE-2007-0895 and a "missing
    # patch" synopsis even though the file header marks the script
    # @DEPRECATED@ (disabled on 2011/09/17).
    if(description)
    {
     script_id(24375);
     script_version("1.23");
    
     script_name(english: "Solaris 10 (sparc) : 124244-02");
     script_cve_id("CVE-2007-0895");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 124244-02");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: /usr/bin/rm patch.
    Date this patch was last updated by Sun : Jun/20/07');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/124244-02");
     # CVSS v2 base vector: local access, high complexity, no authentication,
     # no confidentiality impact, partial integrity and availability impact.
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/02/08");
     script_end_attributes();
    
     script_summary(english: "Check for patch 124244-02");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     # Only the showrev key is required here; "Host/local_checks_enabled" is
     # not listed for this script.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated: the script stops here unconditionally, so no patch-level
    # check for 124244-02 is ever performed. A scan that shows no finding from
    # this plugin therefore says nothing about whether the rm fix is installed
    # on the host; confirm the patch level by other means.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_124245.NASL
    description: SunOS 5.10_x86: /usr/bin/rm patch. Date this patch was last updated by Sun : Jun/20/07
    last seen: 2018-09-01
    modified: 2018-08-13
    plugin id: 24387
    published: 2007-02-18
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=24387
    title: Solaris 10 (x86) : 124245-02
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_124969.NASL
    description: SunOS 5.8: rm patch. Date this patch was last updated by Sun : Feb/06/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24399
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24399
    title: Solaris 8 (sparc) : 124969-01
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_X86_123373.NASL
    description: SunOS 5.9_x86: rm patch. Date this patch was last updated by Sun : Feb/06/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24408
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24408
    title: Solaris 9 (x86) : 123373-02
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_123372.NASL
    description: SunOS 5.9: rm patch. Date this patch was last updated by Sun : Feb/06/07
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24404
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24404
    title: Solaris 9 (sparc) : 123372-02

Oval

accepted: 2007-09-10T14:45:27.362-04:00
class: vulnerability
contributors:
name: Todd Dolinsky
organization: Opsware, Inc.
definition_extensions:
  • comment: Solaris 8 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1539
  • comment: Solaris 9 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1457
  • comment: Solaris 10 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1440
  • comment: Solaris 8 (x86) is installed
    oval: oval:org.mitre.oval:def:2059
  • comment: Solaris 9 (x86) is installed
    oval: oval:org.mitre.oval:def:1683
  • comment: Solaris 10 (x86) is installed
    oval: oval:org.mitre.oval:def:1926
description: Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
family: unix
id: oval:org.mitre.oval:def:8272
status: accepted
submitted: 2007-08-06T11:50:11.000-04:00
title: Security Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or Directories
version: 35