Vulnerability Name:

CVE-2003-1024 (CCN-14065)

Assigned:2003-12-22
Published:2003-12-22
Updated:2018-10-30
Summary:Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2003-1024

Source: CCN
Type: SA10486
Sun Solaris tcsh Privilege Escalation Vulnerability

Source: SECUNIA
Type: UNKNOWN
10486

Source: CCN
Type: Sun Alert ID: 57455
Security Issue Involving the tcsh(1) ls-F builtin on Solaris 8

Source: SUNALERT
Type: Patch, Vendor Advisory
57455

Source: CCN
Type: CIAC Information Bulletin O-044
Sun Security Issue Involving the tcsh(1) ls-F Builtin on Solaris 8

Source: CCN
Type: US-CERT VU#281356
Sun Solaris tcsh(1) contains vulnerability in the built-in ls-F command

Source: CERT-VN
Type: US Government Resource
VU#281356

Source: CCN
Type: OSVDB ID: 3155
Solaris tcsh Privilege Escalation

Source: CCN
Type: OSVDB ID: 8725
Solaris tcsh ls-F Function Privilege Escalation

Source: BID
Type: Patch, Vendor Advisory
9280

Source: CCN
Type: BID-9280
Sun Solaris tcsh ls-F Builtin Unspecified Privilege Escalation Vulnerability

Source: CCN
Type: BID-929
ICQ URL Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
solaris-lsf-gain-privileges(14065)

Source: XF
Type: UNKNOWN
solaris-lsf-gain-privileges(14065)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1528

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1528
    V
    		ls-F Privilege Escalation Vulnerability
    2005-10-12
    BACK
    sun sunos 5.8
    sun solaris 8