A vulnerability, which was classified as critical, was found in Sun Solaris 2009.06/10 (Operating System). This affects some unknown processing of the component Kernel. The manipulation with an unknown input leads to a local privilege escalation vulnerability. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

The weakness was published 12/03/2009 (Website). It is possible to read the advisory at intevydis.com. This vulnerability is uniquely identified as CVE-2009-4191 since 12/03/2009. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/04/2019). It is expected to see the exploit prices for this product decreasing in the near future.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at 51014.

Productinfo

Type

• Operating System

Vendor

• Sun

Name

• Solaris

Version

• 10
• 2009.06

License

• commercial

Support

• end of life

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion