Vulnerabilities > CVE-2007-2882 - Denial of Service vulnerability in Sun Solaris NFS Client Module ACL(2) Packets

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sun
nessus

Summary

Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

Vulnerable Configurations

Part Description Count
OS
Sun
6

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_116959.NASL
    descriptionSunOS 5.8: nfs and rpcmod patch. Date this patch was last updated by Sun : Dec/04/07
    last seen2020-06-01
    modified2020-06-02
    plugin id22507
    published2006-10-05
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22507
    titleSolaris 8 (sparc) : 116959-21
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(22507);
      script_version("1.34");
      script_cvs_date("Date: 2019/10/25 13:36:24");
    
      script_cve_id("CVE-2007-2882", "CVE-2007-6180");
    
      script_name(english:"Solaris 8 (sparc) : 116959-21");
      script_summary(english:"Check for patch 116959-21");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 116959-21"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8: nfs and rpcmod patch.
    Date this patch was last updated by Sun : Dec/04/07"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/116959-21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:C/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWcarx", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_116960.NASL
    descriptionSunOS 5.8_x86: nfs and rpcmod patch. Date this patch was last updated by Sun : Dec/04/07
    last seen2020-06-01
    modified2020-06-02
    plugin id22508
    published2006-10-05
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22508
    titleSolaris 8 (x86) : 116960-21
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_124258.NASL
    descriptionSunOS 5.10: ufs and nfs driver patch. Date this patch was last updated by Sun : Jun/14/07
    last seen2018-09-01
    modified2018-08-13
    plugin id25274
    published2007-05-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=25274
    titleSolaris 10 (sparc) : 124258-07
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_124259.NASL
    descriptionSunOS 5.10_x86: ufs and nfs driver patch. Date this patch was last updated by Sun : Jun/12/07
    last seen2018-09-01
    modified2018-08-13
    plugin id25394
    published2007-06-04
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=25394
    titleSolaris 10 (x86) : 124259-06
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113318.NASL
    descriptionSunOS 5.9: NFS & autofs patch. Date this patch was last updated by Sun : Mar/09/09
    last seen2016-09-26
    modified2013-03-30
    plugin id25397
    published2007-06-04
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=25397
    titleSolaris 9 (sparc) : 113318-35
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_117468.NASL
    descriptionSunOS 5.9_x86: NFS patch. Date this patch was last updated by Sun : Mar/09/09
    last seen2016-09-26
    modified2013-03-30
    plugin id25400
    published2007-06-04
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=25400
    titleSolaris 9 (x86) : 117468-20

Oval

accepted2007-07-18T15:57:51.521-04:00
classvulnerability
contributors
nameJohn Wregglesworth
organizationOpsware, Inc.
descriptionUnspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
familyunix
idoval:org.mitre.oval:def:1957
statusaccepted
submitted2007-06-15T09:00:00.000-04:00
titleSecurity Vulnerability in NFS Client Module May Lead to a Denial of Service Condition
version35