This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote Solaris system is missing a security patch for third-party
The remote Solaris system is missing necessary patches to address
security updates :
- sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through
1.8.6p6 allows local users or physically proximate
attackers to bypass intended time restrictions and
retain privileges without re-authenticating by setting
the system clock and sudo user timestamp to the epoch.
- sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when
the tty_tickets option is enabled, does not properly
validate the controlling terminal device, which allows
local users with sudo permissions to hijack the
authorization of another terminal via vectors related to
connecting to the standard input, output, and error file
descriptors of another terminal. NOTE: this is one of
three closely-related vulnerabilities that were
originally assigned CVE-2013-1776, but they have been
SPLIT because of different affected versions.
See also :
Upgrade to Solaris 18.104.22.168.0.
Risk factor :
Medium / CVSS Base Score : 6.9
Public Exploit Available : true