CVE-2004-2306 — Solaris vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedDec 31

Latest updateApr 29

Description

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/solaris7.0, 8.0, 9.0+2

▶NVDsun/sunos5.7, 5.8+1

Patches

Patch: sunsolve.sun.com ↗Patch: www.ciac.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrmx-49j9-w35c: Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disa↗2022-04-29

▶

CVEList

CVE-2004-2306: Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disa↗2005-08-16

▶