CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4211

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1430%
EPSS Percentile39.01th
PublishedDec 4, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.

Affected Platforms (CPE)

πŸ“¦
Disa

Srr For Solaris

All versions

References & Advisories

πŸ”— http://securitytracker.com/id?1023265
πŸ”— http://www.kb.cert.org/vuls/id/433821
πŸ”— http://www.securityfocus.com/archive/1/508188/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/37200
πŸ”— http://securitytracker.com/id?1023265
πŸ”— http://www.kb.cert.org/vuls/id/433821
πŸ”— http://www.securityfocus.com/archive/1/508188/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/37200

Related Vulnerabilities

CVE-2009-093910.0

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec confor...

CVE-2009-414310.0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt ...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...

CVE-2009-303210.0

Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Syman...