CVE-2004-1394

Name of the Vulnerable Software and Affected Versions: Sun Solaris versions 8 and 9

Description: The issue arises from the pfexec function's improper handling of custom profiles with invalid entries in the exec attr database. This may allow local users with custom rights profiles to execute profile commands with elevated privileges.

Recommendations: For Sun Solaris versions 8 and 9, ensure that all custom profiles contain valid entries in the exec attr database to prevent potential privilege escalation. As a temporary workaround, consider restricting access to custom profiles until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.