Access Control Vulnerability in Sun PC NetLink by Sun Microsystems
CVE-2002-2323

7.5HIGH

Key Information:

Vendor

Oracle
Status
Solaris Pc Netlink
Vendor
CVE Published:
31 December 2002

What is CVE-2002-2323?

The Sun PC NetLink software versions 1.0 through 1.2 contain an access control vulnerability due to improper settings of the access control list (ACL) for files and directories utilizing symbolic links that have been restored from backup. This flaw enables both local and remote attackers to potentially bypass intended access restrictions, posing risks to the integrity and confidentiality of sensitive data.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...
vendor-advisoryx_refsource_SUNALERT
http://www.iss.net/security_center/static/9665.php
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/5281
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.