CVE-2006-4439 — Solaris vulnerability

3 documents3 sources

Severity

3.6LOWNVD

CNA7.2

EPSS

0.1%

top 84.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris

Timeline

PublishedAug 29

Latest updateMay 1

Description

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

▶NVDsun/solaris10.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-r8w2-jqrm-hxg6: pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (q↗2022-05-01

▶

CVEList

CVE-2006-4439: pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (q↗2006-08-29

▶