Vulnerability Name:

CCN-17206

Published:2004-09-01
Updated:2004-09-01
Summary:Sun Cluster could allow a remote authenticated attacker to corrupt arbitrary files on the system, caused by a vulnerability in the Proxy File System (PxFS) (also known as Cluster File System (CFS) or Global File System (GFS)). A remote, non-root user, could specify the -p option to rcp(1) and overwrite arbitrary files on the system, if the source file has no write permissions and the destination file is larger than the source file.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Sun Alert ID: 57471
rcp(1) to a (Sun Cluster) Proxy File System May Result in File Corruption

Source: XF
Type: UNKNOWN
sun-cluster-file-overwrite(17206)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:sun:cluster:3.0::sparc:*:*:*:*:*
  • OR cpe:/a:sun:cluster:3.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun cluster 3.0
    sun cluster 3.1
    sun solaris 8
    sun solaris 9