| Vulnerability Name: | CVE-2002-0089 (CCN-8954) | ||||||||||||
| Assigned: | 2002-03-15 | ||||||||||||
| Published: | 2002-03-15 | ||||||||||||
| Updated: | 2018-10-30 | ||||||||||||
| Summary: | Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file. | ||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Apr 29 2002 - 14:50:33 CDT eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities Source: CCN Type: BugTraq Mailing List, Mon Apr 29 2002 - 15:54:01 CDT eSecurityOnline Security Advisories notes Source: MITRE Type: CNA CVE-2002-0089 Source: BUGTRAQ Type: UNKNOWN 20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities Source: CCN Type: Sun Alert ID: 27353 Buffer Overflow in admintool(1M) in Solaris Source: CCN Type: Sun Microsystems Web site SunSolve Online Source: CCN Type: eSO Security Advisory: 2397 Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities Source: MISC Type: Patch, Vendor Advisory http://www.esecurityonline.com/advisories/eSO2397.asp Source: XF Type: UNKNOWN solaris-admintool-d-bo(8954) Source: XF Type: UNKNOWN solaris-admintool-prodvers-bo(8955) Source: BID Type: UNKNOWN 4624 Source: CCN Type: BID-4624 Solaris admintool Local Buffer Overflow Vulnerability Source: XF Type: UNKNOWN solaris-admintool-d-bo(8954) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:67 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:68 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Vulnerability Name: | CVE-2002-0089 (CCN-8955) | ||||||||||||
| Assigned: | 2002-04-29 | ||||||||||||
| Published: | 2002-04-29 | ||||||||||||
| Updated: | 2002-04-29 | ||||||||||||
| Summary: | Sun Solaris is vulnerable to a buffer overflow in admintool program, caused by improper bounds checking on PRODVERS environment variable. By setting the PRODVERS variable in the .cdtoc file to an overly long string, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause admintool to crash once the .cdtoc file has been processed. | ||||||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Apr 29 2002 - 14:50:33 CDT eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities Source: CCN Type: BugTraq Mailing List, Mon Apr 29 2002 - 15:54:01 CDT eSecurityOnline Security Advisories notes Source: MITRE Type: CNA CVE-2002-0089 Source: CCN Type: Sun Alert ID: 27353 Buffer Overflow in admintool(1M) in Solaris Source: CCN Type: Sun Microsystems Web site SunSolve Online Source: CCN Type: eSO Security Advisory: 2397 Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities Source: CCN Type: BID-4624 Solaris admintool Local Buffer Overflow Vulnerability Source: XF Type: UNKNOWN solaris-admintool-prodvers-bo(8955) | ||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||