CVE-2007-6505
Solaris 9 - Audit Record Tampering via SSH Login with Non-Root User
Title source: llmDescription
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201310-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39185
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/44332
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5282
Patch vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103172-1
Scores
EPSS
0.0035
EPSS Percentile
57.7%
Details
CWE
CWE-16
Status
published
Products (1)
sun/solaris
9 (2 CPE variants)
Published
Dec 20, 2007
Tracked Since
Feb 18, 2026