Vulnerability Name:

CVE-2003-0722 (CCN-13195)

Assigned:2003-09-15
Published:2003-09-15
Updated:2017-10-11
Summary:The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: iDEFENSE Security Advisory 09.16.03
Remote Root Exploitation of Default Solaris sadmind Setting

Source: CCN
Type: BugTraq Mailing List, Thu Sep 18 2003 - 15:18:37 CDT
Solaris ASSDMIND Exploitation

Source: VULNWATCH
Type: UNKNOWN
20030918 Solaris SADMIND Exploitation

Source: MITRE
Type: CNA
CVE-2003-0722

Source: BUGTRAQ
Type: UNKNOWN
20030918 Solaris SADMIND Exploitation

Source: CCN
Type: SA9742
Sun Solaris Sadmind Insecure Default Configuration

Source: SECUNIA
Type: UNKNOWN
9742

Source: CCN
Type: Sun Alert ID: 56740
Security Issue Involving the Solaris sadmind(1M) Daemon

Source: SUNALERT
Type: UNKNOWN
56740

Source: CCN
Type: CIAC Information Bulletin N-148
Sun Security Issue Involving the Solaris sadmind(1M) Daemon

Source: CIAC
Type: UNKNOWN
N-148

Source: MISC
Type: UNKNOWN
http://www.idefense.com/advisory/09.16.03.txt

Source: CCN
Type: US-CERT VU#41870
Sun Solstice AdminSuite ships with insecure default configuration

Source: CERT-VN
Type: US Government Resource
VU#41870

Source: CCN
Type: OSVDB ID: 4585
Solaris sadmind AUTH_SYS Credential Remote Command Execution

Source: BID
Type: UNKNOWN
8615

Source: CCN
Type: BID-8615
Sun Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability

Source: XF
Type: UNKNOWN
sol-sadmind-command-execution(13195)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1273

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1273
    V
    		Solaris SAdmin Client Credentials Remote Administrative Access Vulnerability
    2010-09-20
    BACK
    sun solaris *
    sun solaris 8
    sun solaris 9
    sun solaris 7.0