Vulnerability Description
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | All versions |
| Disa | Srr For Solaris | All versions |
Related Weaknesses (CWE)
References
- http://securitytracker.com/id?1023265
- http://www.kb.cert.org/vuls/id/433821
- http://www.securityfocus.com/archive/1/508188/100/0/threaded
- http://www.securityfocus.com/bid/37200
- http://securitytracker.com/id?1023265
- http://www.kb.cert.org/vuls/id/433821
- http://www.securityfocus.com/archive/1/508188/100/0/threaded
- http://www.securityfocus.com/bid/37200
FAQ
What is CVE-2009-4211?
CVE-2009-4211 is a vulnerability with a CVSS score of 9.3 (HIGH). The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, ...
How severe is CVE-2009-4211?
CVE-2009-4211 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4211?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris, Disa Srr For Solaris.