DISA Security Readiness Review Scripts for Solaris Local Privilege Escalation

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a local privilege escalation
vulnerability.

Description :

The remote host has a copy of the DISA Security Readiness Review
(SRR) Scripts for Solaris that is affected by a local privilege
escalation vulnerability. The vulnerability could be leveraged to
execute files in arbitrary directories with root privileges, as long as
such files are named 'java', 'openssl', 'php', 'snort', 'tshark',
'vncserver', or 'wireshark'.

Solution :

Upgrade to a version of the SRR scripts dated December 18, 2009 or
later.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 69934 ()

Bugtraq ID: 37200

CVE ID: CVE-2009-4211