CVE-2007-4126 Details

CVE-2007-4126

Published: 2007-08-01 16:17:00
CVE Author: NIST National Vulnerability Database (NVD)
Summary:

Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.

Exploitability Analysis:

This is a vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Exploitability Complexity:

The access conditions are somewhat specialized; the following are examples: The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted. Some information must be gathered before a successful attack can be launched. The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme). The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browser’s status bar to show a false link, having to be on someone’s “buddy” list before sending an IM exploit).

Authentication:

One instance of authentication is required to access and exploit the vulnerability.

Confidentiality Impact:

There is no impact to the confidentiality of the system.

Integrity Impact:

There is no impact to the integrity of the system.

Availability Impact:

There is reduced performance or interruptions in resource availability. An example is a network-based flood attack that permits a limited number of successful connections to an Internet service.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

CVE-2007-4126

Follow us:
Search
Impact
Low
CVSS Score
1.5
Exploitable
Locally Exploitable

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage 137,149 vulnerabilities.