Vulnerability Name: CVE-2004-1358 (CCN-14918)

Assigned: 2004-01-22
Published: 2004-01-22
Updated: 2017-10-11
Summary: The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2004-1358

Source: CCN
Type: Sun Alert ID: 57478
Solaris 9 patches 114332-08 and 114929-06 are WITHDRAWN - Patches Disable the Auditing Functionality on Basic Security Module (BSM) Enabled Systems

Source: SUNALERT
Type: Patch, Vendor Advisory
57478

Source: CCN
Type: Sun Alert ID: 57483
Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package

Source: AUSCERT
Type: Patch, Vendor Advisory
ESB-2004.0069

Source: CCN
Type: CIAC Information Bulletin O-099
Sun Basic Security Module Auditing Functionality Vulnerability

Source: CIAC
Type: Patch, Vendor Advisory
O-099

Source: CCN
Type: OSVDB ID: 60298
Solaris Multiple Patches Basic Security Module (BSM) Auditing Disablement

Source: BID
Type: Patch
9852

Source: CCN
Type: BID-9852
Sun Solaris Patch Unexpected Security Weakness

Source: XF
Type: UNKNOWN
solaris-patches-disable-bsm(14918)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:3567

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:3567
Class: V
Title: Patches Disable Basic Security Module Auditing Functionality
Last Modified: 2005-06-01