CVE-2002-0089 - Vulnerability Details - OpenCVE

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Solaris Sunos

Configuration 1 [-]

OR	cpe:2.3:o:sun:solaris:2.6:::::::*
	cpe:2.3:o:sun:solaris:8.0::sparc:::::
	cpe:2.3:o:sun:solaris:8.0::x86:::::
	cpe:2.3:o:sun:sunos:5.5:::::::*
	cpe:2.3:o:sun:sunos:5.5.1:::::::*
	cpe:2.3:o:sun:sunos:5.7:::::::*

No data.

References

Link	Providers
http://online.securityfocus.com/archive/1/270122
http://www.esecurityonline.com/advisories/eSO2397.asp
http://www.iss.net/security_center/static/8954.php
http://www.iss.net/security_center/static/8955.php
http://www.securityfocus.com/bid/4624
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-07T05:00:00

Updated: 2024-08-08T02:35:17.569Z

Reserved: 2002-03-06T00:00:00

Link: CVE-2002-0089

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2002-03-15T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2002-0089

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "solaris-admintool-prodvers-bo(8955)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8955.php"}, {"name": "solaris-admintool-d-bo(8954)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8954.php"}, {"name": "oval:org.mitre.oval:def:67", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67"}, {"name": "4624", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4624"}, {"tags": ["x_refsource_MISC"], "url": "http://www.esecurityonline.com/advisories/eSO2397.asp"}, {"name": "20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://online.securityfocus.com/archive/1/270122"}, {"name": "oval:org.mitre.oval:def:68", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0089", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "solaris-admintool-prodvers-bo(8955)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8955.php"}, {"name": "solaris-admintool-d-bo(8954)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8954.php"}, {"name": "oval:org.mitre.oval:def:67", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67"}, {"name": "4624", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4624"}, {"name": "http://www.esecurityonline.com/advisories/eSO2397.asp", "refsource": "MISC", "url": "http://www.esecurityonline.com/advisories/eSO2397.asp"}, {"name": "20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/270122"}, {"name": "oval:org.mitre.oval:def:68", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:35:17.569Z"}, "title": "CVE Program Container", "references": [{"name": "solaris-admintool-prodvers-bo(8955)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8955.php"}, {"name": "solaris-admintool-d-bo(8954)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8954.php"}, {"name": "oval:org.mitre.oval:def:67", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67"}, {"name": "4624", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4624"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.esecurityonline.com/advisories/eSO2397.asp"}, {"name": "20020429 eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://online.securityfocus.com/archive/1/270122"}, {"name": "oval:org.mitre.oval:def:68", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0089", "datePublished": "2002-03-07T05:00:00", "dateReserved": "2002-03-06T00:00:00", "dateUpdated": "2024-08-08T02:35:17.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "32CF7469-6D2F-4E34-8013-7F0D3433D0B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*", "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "5B72953B-E873-4E44-A3CF-12D770A0D416", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file."}, {"lang": "es", "value": "Desbordamiento de buffer en admintools en Solarios 2.5 a 8 permite a usuarios locales ganar privilegios de root mediante argumentos largos ala opci\u00f3n de l\u00ednea de comandos -del argumento PRODVERS en el fichero .cdtoc."}], "id": "CVE-2002-0089", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/270122"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.esecurityonline.com/advisories/eSO2397.asp"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8954.php"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8955.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4624"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/270122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.esecurityonline.com/advisories/eSO2397.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8954.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8955.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A67"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A68"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}