CVE-2002-1871 — Solaris vulnerability

6 documents3 sources

Severity

7.2HIGHNVD

NVD3.6

EPSS

0.1%

top 82.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedDec 31

Latest updateMay 1

Description

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/solaris10.0, 2.6+1

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

Patches

Patch: sunsolve.sun.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r8w2-jqrm-hxg6: pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (q↗2022-05-01

▶

GHSA

GHSA-gjh3-jcfj-99r5: pkgadd in Sun Solaris 2↗2022-04-30

▶

CVEList

CVE-2006-4439: pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (q↗2006-08-29

▶

CVEList

CVE-2002-1871: pkgadd in Sun Solaris 2↗2005-06-28

▶