Description
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14988
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57453-1
Vendor Advisory third-party-advisory
x_refsource_auscert
http://www.auscert.org.au/render.html?it=3800
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10755/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1008893
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3764
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9534
Scores
EPSS
0.0008
EPSS Percentile
22.7%
Details
Status
published
Products (2)
sun/solaris
9.0
sun/sunos
5.8
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026