Vulnerabilities > CVE-2007-0914 - Remote Denial of Service vulnerability in SUN Solaris 10.0

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
sun
nessus

Summary

Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

Vulnerable Configurations

Part Description Count
OS
Sun
1

Nessus

NASL familySolaris Local Security Checks
NASL idSOLARIS10_119998.NASL
descriptionSunOS 5.10: arp, ip, ipsecah drivers patch. Date this patch was last updated by Sun : Feb/09/07
last seen2018-09-01
modified2018-08-13
plugin id24372
published2007-02-18
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24372
titleSolaris 10 (sparc) : 119998-02
code
#%NASL_MIN_LEVEL 80502

# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/09/17.

#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
 script_id(24372);
 script_version("1.22");

 script_name(english: "Solaris 10 (sparc) : 119998-02");
 script_cve_id("CVE-2006-4117", "CVE-2007-0914");
 script_set_attribute(attribute: "synopsis", value:
"The remote host is missing Sun Security Patch number 119998-02");
 script_set_attribute(attribute: "description", value:
'SunOS 5.10: arp, ip, ipsecah drivers patch.
Date this patch was last updated by Sun : Feb/09/07');
 script_set_attribute(attribute: "solution", value:
"You should install this patch for your system to be up-to-date.");
 script_set_attribute(attribute: "see_also", value:
"https://getupdates.oracle.com/readme/119998-02");
 script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
 script_cvs_date("Date: 2019/10/25 13:36:23");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/08/09");
 script_end_attributes();

 script_summary(english: "Check for patch 119998-02");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
 family["english"] = "Solaris Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/Solaris/showrev");
 exit(0);
}



# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");

Oval

accepted2007-08-01T22:26:15.758-04:00
classvulnerability
contributors
nameGyesi Amaniampong
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionRace condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
familyunix
idoval:org.mitre.oval:def:2120
statusaccepted
submitted2007-06-28T09:00:00.000-04:00
titleA Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP Traffic
version36