Vulnerability Details

ID: CVE-1999-1425

Last Modified: March 8, 2011

Open in new window

Description

Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.

CVSS V2

Access Vector: Local

Access Complexity: High

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 6.2

Exploitability Score: 1.9

Impact Score: 10.0

CVSS V2: AV:L/AC:H/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:sun:solstice_adminsuite:2.1::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.2	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.1:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.2	Alle Schwachstellen für sun

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="local"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="local"/>
        <prop key="range" value="local"/>
    </set>
</set>