Vulnerability Details

ID: CVE-1999-1428

Last Modified: Sept. 5, 2008

Open in new window

Description

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.

CVSS V2

Access Vector: Local

Access Complexity: High

Authentication: None

Confidentiality Impact: Complete

Integrity Impact: Complete

Availability Impact: Complete

Base Score: 6.2

Exploitability Score: 1.9

Impact Score: 10.0

CVSS V2: AV:L/AC:H/Au:N/C:C/I:C/A:C

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:sun:solstice_adminsuite:2.1::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2::x86::::: Part: a Product: solstice_adminsuite Edition: x86 Vendor: sun Version: 2.2	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.1:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.1	Alle Schwachstellen für sun
	cpe:2.3:a:sun:solstice_adminsuite:2.2:::::::* Part: a Product: solstice_adminsuite Vendor: sun Version: 2.2	Alle Schwachstellen für sun

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:x86:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.1:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:sun:solstice_adminsuite:2.2:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="local"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="local"/>
        <prop key="range" value="local"/>
    </set>
</set>