Sun Solaris 2.6/7.0/8.0/9.0 Direct Graphics Access Mode privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Sun Solaris 2.6/7.0/8.0/9.0. It has been classified as critical. The impacted element is an unknown function of the component Direct Graphics Access Mode Handler. The manipulation leads to privileges management. This vulnerability is referenced as CVE-2003-1058. The attack needs to be initiated within the local network. No exploit is available. It is suggested to install a patch to address this issue.
Details
A vulnerability, which was classified as critical, has been found in Sun Solaris 2.6/7.0/8.0/9.0 (Operating System). This issue affects an unknown code block of the component Direct Graphics Access Mode Handler. The manipulation with an unknown input leads to a privileges management vulnerability. Using CWE to declare the problem leads to CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
The bug was discovered 12/02/2003. The weakness was published 12/02/2003 with Sun Microsystems Inc. (Website). The advisory is shared at sunsolve.sun.com. The identification of this vulnerability is CVE-2003-1058 since 02/08/2005. Access to the local network is required for this attack. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
Upgrading to version 2.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at sunsolve.sun.com. The best possible mitigation is suggested to be patching the affected component.
The vulnerability is also documented in the databases at X-Force (13890), SecurityFocus (BID 9147†), OSVDB (2892†), Secunia (SA10346†) and Vulnerability Center (SBV-20662†). ciac.org is providing further details. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.oracle.com/sun/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.3
VulDB Base Score: 7.6
VulDB Temp Score: 7.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Upgrade: Solaris 2.6
Patch: sunsolve.sun.com
Timeline
01/04/2000 🔍12/02/2003 🔍
12/02/2003 🔍
12/02/2003 🔍
12/03/2003 🔍
12/03/2003 🔍
12/03/2003 🔍
12/04/2003 🔍
02/08/2005 🔍
01/29/2009 🔍
06/27/2019 🔍
Sources
Vendor: oracle.comAdvisory: sunsolve.sun.com⛔
Researcher: http://www.sun.com
Organization: Sun Microsystems Inc.
Status: Not defined
CVE: CVE-2003-1058 (🔍)
GCVE (CVE): GCVE-0-2003-1058
GCVE (VulDB): GCVE-100-425
X-Force: 13890 - Sun Solaris Xsun DGA mode allows elevated privileges, High Risk
SecurityFocus: 9147 - Sun Solaris XSun Direct Graphics Access Insecure Temporary File Vulnerability
Secunia: 10346 - Sun Solaris Xsun DGA Mode Vulnerability, Less Critical
OSVDB: 2892 - Solaris Xsun DGA Mode Local Privilege Escalation and DoS
Vulnerability Center: 20662 - Sun Solaris 2.6 - 9 Xsun in DGA Mode Local Dos or Data Manipulation Vulnerability, Medium
Misc.: 🔍
Entry
Created: 12/04/2003 11:54Updated: 06/27/2019 11:21
Changes: 12/04/2003 11:54 (81), 06/27/2019 11:21 (4)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.