CVE-2010-0271
CVE-2010-0271 is a medium-severity vulnerability in Sun Opensolaris with a CVSS 2.0 base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-264.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.6)
- EPSS exploit prediction: 0% (24th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-264
- Affected product: Sun Opensolaris
- Published:
- Last modified:
Description
hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification.
Frequently asked questions
- What is CVE-2010-0271?
- hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification.
- How severe is CVE-2010-0271?
- CVE-2010-0271 has a CVSS 2.0 base score of 4.6, rated medium severity.
- Is CVE-2010-0271 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (24th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2010-0271?
- CVE-2010-0271 primarily affects Sun Opensolaris. In total, 160 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2010-0271?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2010-0271 published?
- CVE-2010-0271 was published on 2010-01-08 and last updated on 2026-06-16.
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-274830-1
- http://www.securityfocus.com/bid/37656
- http://www.securitytracker.com/id?1023416
- http://www.vupen.com/english/advisories/2010/0076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55461
Affected products (160)
- cpe:2.3:o:sun:opensolaris:snv_51:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_52:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_53:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_54:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_55:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_56:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_57:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_58:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_59:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_60:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_61:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_62:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_63:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_64:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_65:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_66:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_67:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_68:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_69:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_70:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_71:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_72:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_73:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_74:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_75:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_76:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_77:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_78:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_79:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_80:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_81:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_82:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_83:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_84:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_85:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_86:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_87:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_88:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_89:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:opensolaris:snv_90:*:x86:*:*:*:*:*
More vulnerabilities in Sun Opensolaris
- CVE-2009-2296 — Critical (CVSS 10.0): The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the…
- CVE-2008-5010 — Critical (CVSS 10.0): in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote…
- CVE-2016-1291 — Critical (CVSS 9.8): Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote…
- CVE-2016-1329 — Critical (CVSS 9.8): Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1)…
- CVE-2015-6319 — Critical (CVSS 9.8): SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to…
- CVE-2008-0965 — Critical (CVSS 9.3): Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o…
All CVEs affecting Sun Opensolaris →
Other CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities
- CVE-2016-8363 — Critical (CVSS 10.0): An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232…
- CVE-2016-7457 — Critical (CVSS 10.0): VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt…
- CVE-2015-7425 — Critical (CVSS 10.0): The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data…
- CVE-2015-8267 — Critical (CVSS 10.0): The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self…
- CVE-2015-7919 — Critical (CVSS 10.0): SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of…
- CVE-2015-7071 — Critical (CVSS 10.0): The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for…
Browse all CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities →