Vulnerability Name:
CVE-2002-1584 (CCN-10935)
Assigned:
2002-12-24
Published:
2002-12-24
Updated:
2018-10-30
Summary:
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
10.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: SGI
Type: Patch
20030402-01-P
Source: MITRE
Type: CNA
CVE-2002-1584
Source: CCN
Type: SA7899
Solaris AUTH_DES Privilege Escalation Vulnerability
Source: SECUNIA
Type: UNKNOWN
7899
Source: CCN
Type: SECTRACK ID: 1005934
Sun Solaris RCP AUTH_DES Bug May Give Remote Users Root Access
Source: CCN
Type: Sun Alert ID: 46944
RPC Requests Involving AUTH_DES Authentication may Allow a User to Gain Elevated Privileges
Source: SUNALERT
Type: UNKNOWN
46944
Source: CCN
Type: US-CERT VU#518057
Sun Solaris AUTH_DES authentication contains vulnerability allowing user to gain escalated privileges
Source: CERT-VN
Type: US Government Resource
VU#518057
Source: CCN
Type: OSVDB ID: 14848
Multiple Unix Vendor RPC AUTH_DES Unspecified Remote Privilege Escalation
Source: BID
Type: UNKNOWN
6484
Source: CCN
Type: BID-6484
Sun Solaris RPC AUTH_DES Privilege Escalation Vulnerability
Source: SECTRACK
Type: UNKNOWN
1005934
Source: XF
Type: UNKNOWN
solaris-authdes-gain-privileges(10935)
Source: XF
Type: UNKNOWN
solaris-authdes-gain-privileges(10935)
Vulnerable Configuration:
Configuration 1
:
cpe:/o:sgi:irix:6.5.1:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.2:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.2f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.3:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.4:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.4f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.4m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.5:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.5f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.5m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.6:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.6f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.6m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.7:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.7f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.7m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.8:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.8f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.8m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.9:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.9f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.9m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.10:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.10f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.10m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.11:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.11f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.11m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.12f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.12m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.13f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.13m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.14:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.15:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.16:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.17:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.18:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.18f:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.18m:*:*:*:*:*:*:*
OR
cpe:/o:sgi:irix:6.5.19:*:*:*:*:*:*:*
Configuration 2
:
cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
OR
cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*
OR
cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
sgi
irix 6.5.1
sgi
irix 6.5.2
sgi
irix 6.5.2f
sgi
irix 6.5.2m
sgi
irix 6.5.3
sgi
irix 6.5.3f
sgi
irix 6.5.3m
sgi
irix 6.5.4
sgi
irix 6.5.4f
sgi
irix 6.5.4m
sgi
irix 6.5.5
sgi
irix 6.5.5f
sgi
irix 6.5.5m
sgi
irix 6.5.6
sgi
irix 6.5.6f
sgi
irix 6.5.6m
sgi
irix 6.5.7
sgi
irix 6.5.7f
sgi
irix 6.5.7m
sgi
irix 6.5.8
sgi
irix 6.5.8f
sgi
irix 6.5.8m
sgi
irix 6.5.9
sgi
irix 6.5.9f
sgi
irix 6.5.9m
sgi
irix 6.5.10
sgi
irix 6.5.10f
sgi
irix 6.5.10m
sgi
irix 6.5.11
sgi
irix 6.5.11f
sgi
irix 6.5.11m
sgi
irix 6.5.12
sgi
irix 6.5.12f
sgi
irix 6.5.12m
sgi
irix 6.5.13
sgi
irix 6.5.13f
sgi
irix 6.5.13m
sgi
irix 6.5.14
sgi
irix 6.5.14f
sgi
irix 6.5.14m
sgi
irix 6.5.15
sgi
irix 6.5.15f
sgi
irix 6.5.15m
sgi
irix 6.5.16
sgi
irix 6.5.16f
sgi
irix 6.5.16m
sgi
irix 6.5.17
sgi
irix 6.5.17f
sgi
irix 6.5.17m
sgi
irix 6.5.18
sgi
irix 6.5.18f
sgi
irix 6.5.18m
sgi
irix 6.5.19
sun
solaris 2.5.1
sun
solaris 2.6
sun
solaris 7.0
sun
sunos -
sun
sunos 5.5.1
sun
sunos 5.7
sun
solaris 2.5.1
sun
solaris 2.6
sun
solaris 7.0
Denotes that component is vulnerable