CVE-2005-2136

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2136
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/lists/bugtraq/2005/Jun/0251.html Exploit Mailing List Patch Third Party Advisory Vendor Advisory
http://secunia.com/advisories/15853 Not Applicable Patch Vendor Advisory
http://www.securityfocus.com/bid/14084 Broken Link Third Party Advisory VDB Entry
http://seclists.org/lists/bugtraq/2005/Jun/0251.html Exploit Mailing List Patch Third Party Advisory Vendor Advisory
http://secunia.com/advisories/15853 Not Applicable Patch Vendor Advisory
http://www.securityfocus.com/bid/14084 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:raritan:dominion_sx4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:raritan:dominion_sx8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:raritan:dominion_sx16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx16:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:raritan:dominion_sx32_firmware:2.4.6:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx32:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:raritan:dominion_sxa-48_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sxa-48:-:*:*:*:*:*:*:*
History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory () http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory
References () http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory () http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry

25 Apr 2023, 17:27

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-863
References (SECUNIA) http://secunia.com/advisories/15853 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory
References (BUGTRAQ) http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Patch, Vendor Advisory (BUGTRAQ) http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/14084 - (BID) http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:h:raritan:dominion:sx4:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx8:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx32_2.4.6_firmware:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sxa-48:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx32:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx16:*:*:*:*:*:*:*		 cpe:2.3:o:raritan:dominion_sx8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sxa-48:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sxa-48_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx4:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx32_firmware:2.4.6:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx32:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx16:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx8:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx4_firmware:-:*:*:*:*:*:*:*
Information

Published : 2005-07-05 04:00

Updated : 2024-11-20 23:58

NVD link : CVE-2005-2136

Mitre link : CVE-2005-2136

CVE.ORG link : CVE-2005-2136

JSON object : View

Products Affected

raritan

  • dominion_sx8_firmware
  • dominion_sx4_firmware
  • dominion_sx8
  • dominion_sx32_firmware
  • dominion_sxa-48_firmware
  • dominion_sx16
  • dominion_sx16_firmware
  • dominion_sx32
  • dominion_sxa-48
  • dominion_sx4
CWE
CWE-863

Incorrect Authorization