CVE-2007-0393Solaris vulnerability

3 documents3 sources
Severity
4.6MEDIUMNVD
CNA7.2
EPSS
0.1%
top 78.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Solaris
Timeline
PublishedJan 19
Latest updateMay 1

Description

Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDsun/solaris9.0

🔴Vulnerability Details

2
GHSA
GHSA-pqq7-42hf-m9r8: Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing2022-05-01
CVEList
CVE-2007-0393: Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing2007-01-19
CVE-2007-0393 — SUN Solaris vulnerability | cvebase