CVE-2005-2136

Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
References
Link Resource
http://seclists.org/lists/bugtraq/2005/Jun/0251.html Exploit Mailing List Patch Third Party Advisory Vendor Advisory
http://secunia.com/advisories/15853 Not Applicable Patch Vendor Advisory
http://www.securityfocus.com/bid/14084 Broken Link Third Party Advisory VDB Entry
http://seclists.org/lists/bugtraq/2005/Jun/0251.html Exploit Mailing List Patch Third Party Advisory Vendor Advisory
http://secunia.com/advisories/15853 Not Applicable Patch Vendor Advisory
http://www.securityfocus.com/bid/14084 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:raritan:dominion_sx4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:raritan:dominion_sx8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:raritan:dominion_sx16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx16:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:raritan:dominion_sx32_firmware:2.4.6:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx32:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:raritan:dominion_sxa-48_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sxa-48:-:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory () http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory
References () http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory () http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2005-07-05 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-2136

Mitre link : CVE-2005-2136

CVE.ORG link : CVE-2005-2136


JSON object : View

Products Affected

raritan

  • dominion_sx8_firmware
  • dominion_sx16
  • dominion_sx32_firmware
  • dominion_sx8
  • dominion_sxa-48_firmware
  • dominion_sx4
  • dominion_sx4_firmware
  • dominion_sx32
  • dominion_sx16_firmware
  • dominion_sxa-48
CWE
CWE-863

Incorrect Authorization