Vulnerability Name:

CVE-2006-3941 (CCN-28083)

Assigned: 2006-07-28
Published: 2006-07-28
Updated: 2017-07-20
Summary: Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2006-3941

Source: CCN
Type: SA21185
Sun Grid Engine Unspecified Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
21185

Source: CCN
Type: SA22425
Avaya CMS / IR Sun Solaris ACK Storm Denial of Service

Source: SECUNIA
Type: Vendor Advisory
22425

Source: CCN
Type: SECTRACK ID: 1016607
Sun N1 Grid Engine Buffer Overflows Let Local Users Shutdown the Grid Service or Gain Elevated Privileges

Source: SECTRACK
Type: Patch
1016607

Source: CCN
Type: Sun Alert ID: 102322
Security Vulnerability With Sun N1 Grid Engine Daemons

Source: SUNALERT
Type: Patch
102322

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm

Source: OSVDB
Type: UNKNOWN
27639

Source: CCN
Type: OSVDB ID: 27638
Sun N1 Grid Engine Multiple Process/Service Termination Local DoS

Source: CCN
Type: OSVDB ID: 27639
Sun N1 Grid Engine Unspecified Local Overflows

Source: BID
Type: Patch
19218

Source: CCN
Type: BID-19218
Sun Solaris N1 Grid Engine Multiple Local Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3066

Source: XF
Type: UNKNOWN
sge-daemon-bo(28083)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:n1_grid_engine:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:n1_grid_engine:6.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:n1_grid_engine:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:sun:n1_grid_engine:6.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    sun n1 grid engine 5.3
    sun n1 grid engine 6.0