CVE-2010-2382

Oracle Solaris 8/9/10 - 'flar' Insecure Temporary File Creation

Severity Score

3.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.

Vulnerabilidad no especificada en Oracle Solaris v8, v9 y v10 permite a usuarios locales afectar la confidencialidad e integridad a través de vectores desconocidos.

Solaris nfslogd suffers from an unsafe use of temporary files vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 3.2

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-06-21 CVE Reserved
2010-07-12 First Exploit
2010-07-13 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (2)

URL	Tag	Source
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/34311	2010-07-12

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Solaris Search vendor "Oracle" for product "Solaris"				8 Search vendor "Oracle" for product "Solaris" and version "8"		-		Affected
Oracle Search vendor "Oracle"		Solaris Search vendor "Oracle" for product "Solaris"				9 Search vendor "Oracle" for product "Solaris" and version "9"		-		Affected
Oracle Search vendor "Oracle"		Solaris Search vendor "Oracle" for product "Solaris"				10 Search vendor "Oracle" for product "Solaris" and version "10"		-		Affected