CVE-2005-2136

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2136
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/lists/bugtraq/2005/Jun/0251.html Exploit Mailing List Patch Third Party Advisory Vendor Advisory
http://www.securityfocus.com/bid/14084 Broken Link Third Party Advisory VDB Entry
http://secunia.com/advisories/15853 Not Applicable Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:raritan:dominion_sx4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:raritan:dominion_sx8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx8:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:raritan:dominion_sx16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx16:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:raritan:dominion_sx32_firmware:2.4.6:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx32:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:raritan:dominion_sxa-48_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sxa-48:-:*:*:*:*:*:*:*
History

25 Apr 2023, 17:27

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-863
First Time Raritan dominion Sxa-48 Firmware
Raritan dominion Sx32
Raritan dominion Sx16 Firmware
Raritan dominion Sx8 Firmware
Raritan dominion Sx16
Raritan dominion Sx4
Raritan dominion Sx4 Firmware
Raritan dominion Sx32 Firmware
Raritan dominion Sx8
Raritan dominion Sxa-48
References (SECUNIA) http://secunia.com/advisories/15853 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/15853 - Not Applicable, Patch, Vendor Advisory
References (BUGTRAQ) http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Patch, Vendor Advisory (BUGTRAQ) http://seclists.org/lists/bugtraq/2005/Jun/0251.html - Exploit, Mailing List, Patch, Third Party Advisory, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/14084 - (BID) http://www.securityfocus.com/bid/14084 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:h:raritan:dominion:sx16:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx4:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx32:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sxa-48:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx8:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion:sx32_2.4.6_firmware:*:*:*:*:*:*:*		 cpe:2.3:h:raritan:dominion_sxa-48:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx8:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx16:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx32_firmware:2.4.6:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx32:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sxa-48_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:raritan:dominion_sx16_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:raritan:dominion_sx4:-:*:*:*:*:*:*:*
Information

Published : 2005-07-05 04:00

Updated : 2023-04-25 17:27

NVD link : CVE-2005-2136

Mitre link : CVE-2005-2136

JSON object : View

Products Affected

raritan

  • dominion_sx16_firmware
  • dominion_sx32
  • dominion_sx32_firmware
  • dominion_sx8_firmware
  • dominion_sxa-48
  • dominion_sx8
  • dominion_sxa-48_firmware
  • dominion_sx4
  • dominion_sx16
  • dominion_sx4_firmware
CWE
CWE-863

Incorrect Authorization