PT-2007-1864 · Sun · Sun Solaris

Published

2007-01-19

Updated

2018-10-16

CVE-2007-0393

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Sun Solaris version 9

Description: The issue arises from improper verification of file descriptor status before setuid execution. This allows local users to escalate privileges by closing specific file descriptors (0, 1, or 2) and then executing a setuid program.

Recommendations: For Sun Solaris version 9, apply the necessary patches or updates to properly verify file descriptor status before setuid execution to prevent privilege escalation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0393

Affected Products

Sun Solaris

PT-2007-1864 · Sun · Sun Solaris

CVE-2007-0393

Related Identifiers

Affected Products

References · 3