Vulnerabilities > CVE-2007-3094 - Remote Privilege Escalation vulnerability in Sun Solaris Management Console Authentication Mechanism

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
critical
nessus

Summary

Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

Vulnerable Configurations

Part Description Count
OS
Sun
6

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_121308.NASL
    descriptionSunOS 5.10: Solaris Management Console Pat. Date this patch was last updated by Sun : Apr/02/10 This plugin has been deprecated and either replaced with individual 121308 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id20273
    published2005-12-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20273
    titleSolaris 10 (sparc) : 121308-20 (deprecated)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(20273);
      script_version("1.53");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2005-3398", "CVE-2005-3498", "CVE-2007-3093", "CVE-2007-3094");
    
      script_name(english:"Solaris 10 (sparc) : 121308-20 (deprecated)");
      script_summary(english:"Check for patch 121308-20");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "SunOS 5.10: Solaris Management Console Pat.
    Date this patch was last updated by Sun : Apr/02/10
    
    This plugin has been deprecated and either replaced with individual
    121308 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/121308-20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(200);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 121308 instead.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_112945.NASL
    descriptionSunOS 5.9: wbem Patch. Date this patch was last updated by Sun : Aug/01/07
    last seen2020-06-01
    modified2020-06-02
    plugin id16089
    published2005-01-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16089
    titleSolaris 9 (sparc) : 112945-46
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114193.NASL
    descriptionSunOS 5.9_x86: wbem Patch. Date this patch was last updated by Sun : Aug/01/07
    last seen2020-06-01
    modified2020-06-02
    plugin id16091
    published2005-01-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16091
    titleSolaris 9 (x86) : 114193-36
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_121309.NASL
    descriptionSunOS 5.10_x86: Solaris Management Console. Date this patch was last updated by Sun : Apr/02/10 This plugin has been deprecated and either replaced with individual 121309 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id20276
    published2005-12-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20276
    titleSolaris 10 (x86) : 121309-20 (deprecated)

Oval

accepted2007-07-11T15:17:31.878-04:00
classvulnerability
contributors
namePai Peng
organizationOpsware, Inc.
descriptionUnspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
familyunix
idoval:org.mitre.oval:def:1341
statusaccepted
submitted2007-06-08T14:30:00.000-04:00
titleSecurity Vulnerability in the Authentication Mechanism for Solaris Management Console (SMC) May Lead to Escalation of Privileges
version35