Vulnerability CVE-2006-0227 - CERT Civis.Net

Vulnerability Name:

CVE-2006-0227 (CCN-24127)

Assigned:

2006-01-13

Published:

2006-01-13

Updated:

2018-10-30

Summary:

Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

2.6 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-0227

Source: CCN
Type: SA18498
Sun Solaris lpsched Unspecified Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
18498

Source: CCN
Type: SA19087
Avaya CMS / IR Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
19087

Source: CCN
Type: SECTRACK ID: 1015492
Sun Solaris lpsched Lets Local Users Disable the Service and Delete Files

Source: SECTRACK
Type: Patch
1015492

Source: CCN
Type: Sun Alert ID: 102033
Vulnerabilities in lpsched(1M) May Allow an Unprivileged User to Remove System Files or Disable the LP Service

Source: SUNALERT
Type: Patch
102033

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm

Source: CCN
Type: ASA-2006-056
Sun Alert Notifications from Sun Weekly Report dated Jan 14 2006

Source: OSVDB
Type: UNKNOWN
22441

Source: OSVDB
Type: UNKNOWN
22442

Source: CCN
Type: OSVDB ID: 22441
Solaris lpsched Arbitrary Local File Deletion

Source: CCN
Type: OSVDB ID: 22442
Solaris lpsched Unauthorized Local Service Shutdown

Source: BID
Type: UNKNOWN
16245

Source: CCN
Type: BID-16245
Sun Solaris LPSCHED Multiple Local Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-0200

Source: XF
Type: UNKNOWN
solaris-lpsched-dos(24127)

Source: XF
Type: UNKNOWN
solaris-lpsched-dos(24127)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:662

Vulnerable Configuration:

Configuration 1:

cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10.0:*:x86:*:*:*:*:*

OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:sun:solaris:8::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:662	V	lpsched Local System Corruption Vulnerability	2011-05-09