CVE-2009-4211

high

Description

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

References

http://www.securityfocus.com/bid/37200

http://www.securityfocus.com/archive/1/508188/100/0/threaded

http://www.kb.cert.org/vuls/id/433821

http://securitytracker.com/id?1023265

Details

Source: Mitre, NVD

Published: 2009-12-04

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High