CVE-2008-1369 - OpenCVE

A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Sunos Sparc Enterprise Server

Configuration 1 [-]

AND

cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*

OR	cpe:2.3:h:sun:sparc_enterprise_server:t5120:::::::*
	cpe:2.3:h:sun:sparc_enterprise_server:t5220:::::::*

References

Link	Resource
http://secunia.com/advisories/29529
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1
http://www.securityfocus.com/bid/28469
http://www.securitytracker.com/id?1019708
http://www.vupen.com/english/advisories/2008/0810/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41332

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-18T17:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-03-18T00:00:00

Link: CVE-2008-1369

JSON object: View

NVD Information

Status : Modified

Published: 2008-03-18T17:44:00.000

Modified: 2018-10-30T16:25:14.200

Link: CVE-2008-1369

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0810", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0810/references"}, {"name": "sparc-configuration-privilege-escalation(41332)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41332"}, {"name": "29529", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29529"}, {"name": "231244", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1"}, {"name": "1019708", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019708"}, {"name": "28469", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28469"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1369", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0810", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0810/references"}, {"name": "sparc-configuration-privilege-escalation(41332)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41332"}, {"name": "29529", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29529"}, {"name": "231244", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1"}, {"name": "1019708", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019708"}, {"name": "28469", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28469"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1369", "datePublished": "2008-03-18T17:00:00", "dateReserved": "2008-03-18T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sun:sparc_enterprise_server:t5120:*:*:*:*:*:*:*", "matchCriteriaId": "249D6284-3527-4947-BE67-42A2897AF79E", "vulnerable": false}, {"criteria": "cpe:2.3:h:sun:sparc_enterprise_server:t5220:*:*:*:*:*:*:*", "matchCriteriaId": "E7668A99-3F78-4D35-A500-102D67FFB29D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors."}, {"lang": "es", "value": "Alguna imagen incorrecta de Sun Solaris 10 sobre servidores SPARC Enterprise T5120 y T5220 tiene los ficheros /etc/default/login y /etc/ssh/sshd_config que configuran los logins de root de una forma involuntaria por parte del fabricante, permite a atacantes remotos obtener privilegios a trav\u00e9s de vectores desconocidos."}], "evaluatorComment": "Sun link will not execute.", "id": "CVE-2008-1369", "lastModified": "2018-10-30T16:25:14.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-18T17:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29529"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28469"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019708"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0810/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41332"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}