Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun Solaris PFExec定制Profile任意命令执行漏洞
Vulnerability Description
Solaris是一款由Sun Microsystems公司开发和维护的商业性质UNIX操作系统。 Solaris中包含的pfexec(1)可能被其他高权限执行"Profile"命令,本地攻击者可以利用这个漏洞提升权限。 如果执行profiles数据库(exec_attr(4))包含一个代表可定指profile的非法条目,拥有定制profile(profiles(1))的非特权用户可能以高权限执行一个profile命令。 <*链接:http://sunsolve.sun.com/pub-cgi/retrie
CVSS Information
N/A
Vulnerability Type
N/A