Vulnerability Name:

CVE-2004-1351 (CCN-18385)

Assigned:2004-12-06
Published:2004-12-06
Updated:2018-10-30
Summary:Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1351

Source: SUNALERT
Type: Patch, Vendor Advisory
57659

Source: AUSCERT
Type: Patch, Vendor Advisory
ESB-2004.0759

Source: CCN
Type: CIAC Information Bulletin P-050
"in.rwhod" Daemon Vulnerability

Source: CIAC
Type: Patch, Vendor Advisory
P-050

Source: CCN
Type: OSVDB ID: 12269
Solaris in.rwhod Remote Overflow

Source: BID
Type: Patch, Vendor Advisory
11840

Source: CCN
Type: BID-11840
Sun Solaris IN.RWHOD(1M) Daemon Remote Code Execution Vulnerability

Source: CCN
Type: Sun Alert ID: 57659
Security Vulnerability in the in.rwhod(1M) Daemon

Source: XF
Type: UNKNOWN
solaris-inrwhod-command-execution(18385)

Source: XF
Type: UNKNOWN
solaris-inrwhod-command-execution(18385)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:592

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:592
    V
    		rwho daemon Code Execution Vulnerability
    2005-06-01
    BACK
    sun solaris 7.0
    sun solaris 8.0
    sun solaris 9.0
    sun solaris 9.0
    sun sunos 5.7
    sun sunos 5.8
    sun solaris 8
    sun solaris 9
    sun solaris 7.0