The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
Publish Date : 2003-09-22 Last Update Date : 2008-09-10
| Cvss Score |
10.0 |
| Confidentiality Impact |
Complete
(There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact |
Complete
(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact |
Complete
(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity |
Low
(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) |
| Authentication |
Not required
(Authentication is not required to exploit the vulnerability.) |
| Gained Access |
Admin |
| Vulnerability Type(s) |
Gain privileges |
| CWE ID |
CWE id is not defined for this vulnerability |
| Title |
Definition Id |
Class |
Family |
|
Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability |
oval:org.mitre.oval:def:1273 |
|
unix |
|
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.
