Vulnerabilities > CVE-2007-2882 - Denial of Service vulnerability in Sun Solaris NFS Client Module ACL(2) Packets
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 6 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_116959.NASL description SunOS 5.8: nfs and rpcmod patch. Date this patch was last updated by Sun : Dec/04/07 last seen 2020-06-01 modified 2020-06-02 plugin id 22507 published 2006-10-05 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22507 title Solaris 8 (sparc) : 116959-21 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(22507); script_version("1.34"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-2882", "CVE-2007-6180"); script_name(english:"Solaris 8 (sparc) : 116959-21"); script_summary(english:"Check for patch 116959-21"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 116959-21" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: nfs and rpcmod patch. Date this patch was last updated by Sun : Dec/04/07" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/116959-21" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:C/A:C"); script_cwe_id(362); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWcarx", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"116959-21", obsoleted_by:"127721-02 ", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116960.NASL description SunOS 5.8_x86: nfs and rpcmod patch. Date this patch was last updated by Sun : Dec/04/07 last seen 2020-06-01 modified 2020-06-02 plugin id 22508 published 2006-10-05 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22508 title Solaris 8 (x86) : 116960-21 NASL family Solaris Local Security Checks NASL id SOLARIS10_124258.NASL description SunOS 5.10: ufs and nfs driver patch. Date this patch was last updated by Sun : Jun/14/07 last seen 2018-09-01 modified 2018-08-13 plugin id 25274 published 2007-05-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25274 title Solaris 10 (sparc) : 124258-07 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_124259.NASL description SunOS 5.10_x86: ufs and nfs driver patch. Date this patch was last updated by Sun : Jun/12/07 last seen 2018-09-01 modified 2018-08-13 plugin id 25394 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25394 title Solaris 10 (x86) : 124259-06 NASL family Solaris Local Security Checks NASL id SOLARIS9_113318.NASL description SunOS 5.9: NFS & autofs patch. Date this patch was last updated by Sun : Mar/09/09 last seen 2016-09-26 modified 2013-03-30 plugin id 25397 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25397 title Solaris 9 (sparc) : 113318-35 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_117468.NASL description SunOS 5.9_x86: NFS patch. Date this patch was last updated by Sun : Mar/09/09 last seen 2016-09-26 modified 2013-03-30 plugin id 25400 published 2007-06-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25400 title Solaris 9 (x86) : 117468-20
Oval
accepted | 2007-07-18T15:57:51.521-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
description | Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. | ||||
family | unix | ||||
id | oval:org.mitre.oval:def:1957 | ||||
status | accepted | ||||
submitted | 2007-06-15T09:00:00.000-04:00 | ||||
title | Security Vulnerability in NFS Client Module May Lead to a Denial of Service Condition | ||||
version | 35 |
References
- http://osvdb.org/34908
- http://secunia.com/advisories/25403
- http://secunia.com/advisories/25879
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102911-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-245.htm
- http://www.securityfocus.com/bid/24145
- http://www.securitytracker.com/id?1018129
- http://www.vupen.com/english/advisories/2007/1943
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34504
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1957