Vulnerability Name:

CVE-2003-1576 (CCN-12132)

Assigned:2003-05-30
Published:2003-05-30
Updated:2010-01-31
Summary:Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201231-1



* "SunMC Change Manager" 1.0 is an unbundled Sun Management Center (SunMC) 3.0 add-on. It is not a part of the SunMC "base" product.
* Solaris 2.6 and 7 are not affected. Solaris on the x86 platform is not affected.

CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2003-1576

Source: CCN
Type: Sun Alert ID: 55160
A Vulnerability in "Sun Management Center (SunMC) Change Manager" Program May Allow Unauthorized Root Privileges

Source: CONFIRM
Type: Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1

Source: CCN
Type: Sun Alert ID: 201231
A Vulnerability in "Sun Management Center (SunMC) Change Manager" Program May Allow Unauthorized Root Privileges

Source: SUNALERT
Type: Patch, Vendor Advisory
201231

Source: CCN
Type: OSVDB ID: 62124
Sun Management Center (SunMC) pamverifier Unspecified Overflow

Source: CCN
Type: BID-7781
Sun Management Center Change Manager PamVerifier Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
sunmc-pamverifier-bo(12132)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:change_manager:1.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:sun:management+center:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun change manager 1.0
    sun management+center 3.0
    sun solaris 8.0
    sun solaris 9.0