Privilege Escalation via Invalid Entry in pfexec Function

Privilege Escalation via Invalid Entry in pfexec Function

CVE-2004-1394 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

Learn more about our Cis Benchmark Audit For Oracle Solaris.