Vulnerability Name:

CVE-2005-4701 (CCN-25268)

Assigned:2005-10-12
Published:2005-10-12
Updated:2011-03-08
Summary:Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-4701

Source: CCN
Type: SECTRACK ID: 1015053
Sun Solaris pwdx Discloses Process Directory Information to Local Users

Source: SECTRACK
Type: Patch
1015053

Source: CCN
Type: Sun Alert ID: 101949
Security Vulnerability in Solaris 10 Allows Unprivileged User Visibility of Process Working Directories

Source: SUNALERT
Type: Patch
101949

Source: OSVDB
Type: Patch
19976

Source: CCN
Type: OSVDB ID: 19976
Solaris Process File System (procfs) File Name Disclosure

Source: VUPEN
Type: UNKNOWN
ADV-2005-2075

Source: XF
Type: UNKNOWN
solaris-procfs-information-disclosure(25268)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0:*:x86:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun solaris 10.0
    sun solaris 10.0
    sun solaris 10
    sun solaris 10