Vulnerability Details

ID: CVE-1999-1426

Last Modified: Sept. 5, 2008

Open in new window

Description

Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.

CVSS V2

Access Vector: Local

Access Complexity: High

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 6.2

Exploitability Score: 1.9

Impact Score: 10.0

CVSS V2: AV:L/AC:H/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:sun:solstice_adminsuite:2.1::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.2	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.1:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.2	Alle Schwachstellen für sun

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="local"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="local"/>
        <prop key="range" value="local"/>
    </set>
</set>