Vulnerabilities > CVE-2007-3458 - Local Denial of Service vulnerability in SUN Solaris 10.0/8.0/9.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_120036.NASL description SunOS 5.10: libldap patch. Date this patch was last updated by Sun : Aug/31/06 last seen 2018-09-01 modified 2018-08-13 plugin id 43884 published 2010-01-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=43884 title Solaris 10 (sparc) : 120036-07 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(43884); script_version("1.12"); script_name(english: "Solaris 10 (sparc) : 120036-07"); script_cve_id("CVE-2007-3458"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 120036-07"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: libldap patch. Date this patch was last updated by Sun : Aug/31/06'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000456.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2010/01/14"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/26"); script_end_attributes(); script_summary(english: "Check for patch 120036-07"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS8_126373.NASL description SunOS 5.8: libsldap patch. Date this patch was last updated by Sun : Nov/12/07 last seen 2016-09-26 modified 2011-09-18 plugin id 25649 published 2007-07-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25649 title Solaris 8 (sparc) : 126373-05 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(25649); script_version("1.24"); script_name(english: "Solaris 8 (sparc) : 126373-05"); script_cve_id("CVE-2007-3458"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 126373-05"); script_set_attribute(attribute: "description", value: 'SunOS 5.8: libsldap patch. Date this patch was last updated by Sun : Nov/12/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/126373-05"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/02"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/26"); script_end_attributes(); script_summary(english: "Check for patch 126373-05"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"126373-05", obsoleted_by:"128624-01 ", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.12"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"126373-05", obsoleted_by:"128624-01 ", package:"SUNWarcx", version:"11.8.0,REV=2000.01.08.18.12"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"126373-05", obsoleted_by:"128624-01 ", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.12"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"126373-05", obsoleted_by:"128624-01 ", package:"SUNWcslx", version:"11.8.0,REV=2000.01.08.18.12"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_112960.NASL description SunOS 5.9: ldap library Patch. Date this patch was last updated by Sun : Jan/05/10 last seen 2016-09-26 modified 2011-09-18 plugin id 13526 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13526 title Solaris 9 (sparc) : 112960-70 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13526); script_version("1.70"); script_name(english: "Solaris 9 (sparc) : 112960-70"); script_cve_id("CVE-2007-3458", "CVE-2009-2029", "CVE-2009-4080"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 112960-70"); script_set_attribute(attribute: "description", value: 'SunOS 5.9: ldap library Patch. Date this patch was last updated by Sun : Jan/05/10'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/112960-70"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/26"); script_end_attributes(); script_summary(english: "Check for patch 112960-70"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWarc", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWarcx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWcsl", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWcslx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWcstl", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWcstlx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWcsu", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWhea", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"112960-70", obsoleted_by:"115695-02 ", package:"SUNWnisu", version:"11.9.0,REV=2002.04.06.15.27"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114242.NASL description SunOS 5.9_x86: ldap library Patch. Date this patch was last updated by Sun : Jan/05/10 last seen 2016-09-26 modified 2011-09-18 plugin id 13595 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13595 title Solaris 9 (x86) : 114242-55 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(13595); script_version("1.64"); script_name(english: "Solaris 9 (x86) : 114242-55"); script_cve_id("CVE-2007-3458", "CVE-2009-2029"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 114242-55"); script_set_attribute(attribute: "description", value: 'SunOS 5.9_x86: ldap library Patch. Date this patch was last updated by Sun : Jan/05/10'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/114242-55"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/07/12"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/26"); script_end_attributes(); script_summary(english: "Check for patch 114242-55"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114242-55", obsoleted_by:"115696-02 ", package:"SUNWnisu", version:"11.9.0,REV=2002.11.04.02.51"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_126374.NASL description SunOS 5.8_x86: libsldap patch. Date this patch was last updated by Sun : Nov/12/07 last seen 2016-09-26 modified 2011-09-18 plugin id 25651 published 2007-07-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25651 title Solaris 8 (x86) : 126374-05 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(25651); script_version("1.22"); script_name(english: "Solaris 8 (x86) : 126374-05"); script_cve_id("CVE-2007-3458"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 126374-05"); script_set_attribute(attribute: "description", value: 'SunOS 5.8_x86: libsldap patch. Date this patch was last updated by Sun : Nov/12/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/126374-05"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/02"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/26"); script_end_attributes(); script_summary(english: "Check for patch 126374-05"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"126374-05", obsoleted_by:"128625-01 ", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.17"); e += solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"126374-05", obsoleted_by:"128625-01 ", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.17"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");
Oval
| accepted | 2007-09-27T08:57:45.094-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:2143 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-08-10T12:25:18.000-04:00 | ||||||||||||||||||||||||
| title | Security Vulnerability in the Solaris libsldap Library May Allow a Denial of Service to nscd(1M) | ||||||||||||||||||||||||
| version | 36 |
References
- http://osvdb.org/36594
- http://secunia.com/advisories/25854
- http://secunia.com/advisories/26125
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102926-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-313.htm
- http://www.securityfocus.com/bid/24654
- http://www.securitytracker.com/id?1018316
- http://www.vupen.com/english/advisories/2007/2338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35096
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2143