Vulnerability Details : CVE-2003-0722
Public exploit exists!
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
Exploit prediction scoring system (EPSS) score for CVE-2003-0722
Probability of exploitation activity in the next 30 days: 97.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 %
Metasploit modules for CVE-2003-0722
- Solaris sadmind Command Execution
  Disclosure Date: 2003-09-13
  First seen: 2020-04-26
  exploit/solaris/sunrpc/sadmind_exec
  This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include Solaris 2.7, 8, and 9 Autho
CVSS scores for CVE-2003-0722
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2003-0722
- http://www.ciac.org/ciac/bulletins/n-148.shtml
- http://marc.info/?l=bugtraq&m=106391959014331&w=2
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0115.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-56740-1&searchclause=security
- http://www.kb.cert.org/vuls/id/41870 (US Government Resource)
- http://www.idefense.com/advisory/09.16.03.txt
- http://www.securityfocus.com/bid/8615 (Sun Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1273
Products affected by CVE-2003-0722
- cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*