{"vuid":"VU#976470","idnumber":"976470","name":"Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access","keywords":["Sun","Enterprise Storage Manger","root access","ESM","StorEdge"],"overview":"A vulnerability exists in Sun StorEdge Enterprise Storage Manager (ESM) that may allow unauthorized local users to gain root privileges.","clean_desc":"The Sun StorEdge Enterprise Storage Manager (ESM) version 2.1 for the Sun SPARC platform may allow non-root local users assigned the \"EMSUser\" role to gain root privileges on a StorEdge management station.","impact":"This vulnerability may allow local users to gain unauthorized root access to the system.","resolution":"Sun released a patch labeled 117367-01 to address this issue.","workarounds":"Remove the \"ESMUser\" role from all non-root or untrusted users on the management station.","sysaffected":"","thanks":"This vulnerability was publicly reported by Sun Alert Notification.","author":"This document was written by Jeff Gennari.","public":["http://sunsolve.sun.com/search/document.do?assetkey=1-26-57581-1","http://www.osvdb.org/displayvuln.php?osvdb_id=7247","http://secunia.com/advisories/11935/","http://sunsolve.sun.com/search/document.do?assetkey=1-21-117367-01-1&searchclause=117367-01"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-22T17:12:43Z","publicdate":"2004-06-21T00:00:00Z","datefirstpublished":"2004-09-03T17:11:22Z","dateupdated":"2004-09-08T20:43:10Z","revision":73,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"19","cam_easeofexploitation":"3","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.030625","cam_scorecurrentwidelyknown":"2.458125","cam_scorecurrentwidelyknownexploited":"4.595625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.030625,"vulnote":null}