Vulnerabilities > CVE-2007-3717 - Local Security vulnerability in SUN Sunos 5.10/5.8/5.9
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125794.NASL description SunOS 5.10_x86: cryptmod patch. Date this patch was last updated by Sun : Jul/05/07 last seen 2018-09-01 modified 2018-08-13 plugin id 25729 published 2007-07-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25729 title Solaris 10 (x86) : 125794-02 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(25729); script_version("1.23"); script_name(english: "Solaris 10 (x86) : 125794-02"); script_cve_id("CVE-2007-3717"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 125794-02"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: cryptmod patch. Date this patch was last updated by Sun : Jul/05/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1001022.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/07/10"); script_end_attributes(); script_summary(english: "Check for patch 125794-02"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS9_114716.NASL description SunOS 5.9: rcp patch. Date this patch was last updated by Sun : Jul/06/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25732 published 2007-07-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25732 title Solaris 9 (sparc) : 114716-05 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(25732); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-3717"); script_name(english:"Solaris 9 (sparc) : 114716-05"); script_summary(english:"Check for patch 114716-05"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114716-05" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: rcp patch. Date this patch was last updated by Sun : Jul/06/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1001022.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/07/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114716-05", obsoleted_by:"", package:"SUNWsutl", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114716-05", obsoleted_by:"", package:"SUNWrcmdc", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114717.NASL description SunOS 5.9_x86: rcp patch. Date this patch was last updated by Sun : Jul/06/07 last seen 2020-06-01 modified 2020-06-02 plugin id 25733 published 2007-07-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25733 title Solaris 9 (x86) : 114717-05 NASL family Solaris Local Security Checks NASL id SOLARIS10_121132.NASL description SunOS 5.10: cryptmod patch. Date this patch was last updated by Sun : Jul/05/07 last seen 2018-09-02 modified 2018-08-13 plugin id 25728 published 2007-07-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25728 title Solaris 10 (sparc) : 121132-03
Oval
| accepted | 2007-08-20T08:04:38.771-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:1772 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-07-12T12:19:52.000-04:00 | ||||||||||||||||||||||||
| title | Security Vulnerability in the rcp(1) Command May Allow Execution of Unintended Commands | ||||||||||||||||||||||||
| version | 36 |
References
- http://osvdb.org/36611
- http://secunia.com/advisories/26024
- http://secunia.com/advisories/26210
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-319.htm
- http://www.vupen.com/english/advisories/2007/2494
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35334
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1772