Vulnerability Description
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | 9 |
Related Weaknesses (CWE)
References
- http://osvdb.org/44332
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/44332
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39185
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2007-6505?
CVE-2007-6505 is a vulnerability with a CVSS score of 3.5 (LOW). Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier...
How severe is CVE-2007-6505?
CVE-2007-6505 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6505?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris.