CVE-2007-6505Solaris vulnerability

CWE-163 documents3 sources
Severity
3.5LOWNVD
EPSS
0.4%
top 42.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Solaris
Timeline
PublishedDec 20
Latest updateMay 1

Description

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: sunsolve.sun.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-gghp-cf4v-c825: Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user l2022-05-01
CVEList
CVE-2007-6505: Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user l2007-12-20
CVE-2007-6505 — SUN Solaris vulnerability | cvebase