Vulnerability CVE-2006-0408 - CERT Civis.Net

Vulnerability Name:

CVE-2006-0408 (CCN-24281)

Assigned:

2006-01-24

Published:

2006-01-24

Updated:

2017-07-20

Summary:

rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2006-0408

Source: CCN
Type: Sun BugID - List of Bug Fixes and Patches Released
Bugs fixed in SGE 6.0u7_1 since release 6.0u7

Source: CONFIRM
Type: UNKNOWN
http://gridengine.sunsource.net/project/gridengine/60patches.txt

Source: CCN
Type: SunSource.net Web site
Download Grid Engine 6.0 Update7_1

Source: CCN
Type: SA18580
Sun Grid Engine rsh Client Privilege Escalation Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
18580

Source: CCN
Type: SECTRACK ID: 1015531
Grid Engine Bug in `rsh` Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015531

Source: CCN
Type: OSVDB ID: 22749
Sun Grid Engine rsh Local Privilege Escalation

Source: BID
Type: UNKNOWN
16366

Source: CCN
Type: BID-16366
Sun Grid Engine Local Privilege Escalation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0308

Source: XF
Type: UNKNOWN
sge-rsh-privilege-escalation(24281)

Source: XF
Type: UNKNOWN
sge-rsh-gain-privileges(24281)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:grid_engine:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update7:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:grid_engine:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:grid_engine:6.0:update7:*:*:*:*:*:*

AND

cpe:/o:sgi:irix:6.5:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*

OR cpe:/o:ibm:aix:4.3:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:7.0:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:8:*:x86:*:*:*:*:*

OR cpe:/o:compaq:tru64:5.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:5.1:*:*:*:*:*:*:*

OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*

OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

Denotes that component is vulnerable