Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities

Bugtraq ID:	25353
Class:	Unknown
CVE:	CVE-2007-4395
Remote:	Yes
Local:	No
Published:	Aug 17 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Sun Solaris 8_x86 Sun Solaris 8_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable:

Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities

Sun Solaris 8 is prone to two remote privilege-escalation vulnerabilities.

Successfully exploiting these issues may allow remote attackers to gain elevated privileges on vulnerable computers. This facilitates the complete compromise of affected computers.

Attackers require knowledge of role passwords to successfully exploit these issues.

Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities

Solution:
The vendor has released an advisory and patches to address these issues. Please see the references for more information.


Sun Solaris 8_x86

• Sun 127034-01
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-127034-01-1

Sun Solaris 8_sparc

• Sun 127033-01
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-127033-01-1

Sun Solaris 8 RBAC Remote Privilege Escalation Vulnerabilities

References:

• Sun Solaris Homepage (Sun Microsystems)
  
• ASA-2007-366 Two Security Vulnerabilities in Solaris 8 Role Based Access Control (Avaya)
  
• Sun Alert ID: 103029 (Sun)