Vulnerabilities > CVE-2011-0902 - Local Privilege Escalation vulnerability in Sun SunScreen Firewall

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

oracle

sun

exploit available

NVD

Published: 2011-02-07

Updated: 2017-08-17

Summary

Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Hardware	Oracle Oracle SUN Microsystems Sunscreen Firewall *	1
OS	Sun SUN Sunos 5.9	1

Exploit-Db

description	Sun Microsystems SunScreen Firewall Root Exploit. CVE-2011-0902. Remote exploits for multiple platform
file	exploits/multiple/remote/16041.txt
id	EDB-ID:16041
last seen	2016-02-01
modified	2011-01-25
platform	multiple
port
published	2011-01-25
reporter	kingcope
source	https://www.exploit-db.com/download/16041/
title	Sun Microsystems SunScreen Firewall Root Exploit
type	remote

Summary

Vulnerable Configurations

Exploit-Db

References