Vulnerabilities > CVE-2007-3471 - Unspecified vulnerability in SUN Solaris 10.0/8.0/9.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sun

nessus

NVD

Published: 2007-06-28

Updated: 2024-11-21

Summary

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris 8.0 SUN Solaris 9.0 SUN Solaris 10.0	6

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125280.NASL
description	CDE1.6_x86: dtsession patch. Date this patch was last updated by Sun : Nov/16/07 This plugin has been deprecated and either replaced with individual 125280 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	25647
published	2007-07-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=25647
title	Solaris 10 (x86) : 125280-05 (deprecated)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(25647); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-3471"); script_name(english:"Solaris 10 (x86) : 125280-05 (deprecated)"); script_summary(english:"Check for patch 125280-05"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "CDE1.6_x86: dtsession patch. Date this patch was last updated by Sun : Nov/16/07 This plugin has been deprecated and either replaced with individual 125280 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/125280-05" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 125280 instead.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_109354.NASL
description	CDE 1.4: dtsession patch. Date this patch was last updated by Sun : Jun/25/07
last seen	2020-06-01
modified	2020-06-02
plugin id	13323
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13323
title	Solaris 8 (sparc) : 109354-26
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13323); script_version("1.29"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-3471"); script_name(english:"Solaris 8 (sparc) : 109354-26"); script_summary(english:"Check for patch 109354-26"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109354-26" ); script_set_attribute( attribute:"description", value: "CDE 1.4: dtsession patch. Date this patch was last updated by Sun : Jun/25/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1001151.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtdte", version:"1.4,REV=10.1999.12.07") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtwm", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtma", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125279-09.NASL
description	CDE 1.6: dtsession patch. Date this patch was last updated by Sun : Apr/13/20
last seen	2020-04-17
modified	2020-04-14
plugin id	135435
published	2020-04-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135435
title	Solaris 10 (sparc) : 125279-09

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125280-07.NASL
description	CDE 1.6_x86: dtsession patch. Date this patch was last updated by Sun : Jan/13/20
last seen	2020-06-01
modified	2020-06-02
plugin id	132898
published	2020-01-15
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132898
title	Solaris 10 (x86) : 125280-07

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_113240.NASL
description	CDE 1.5: dtsession patch. Date this patch was last updated by Sun : Jun/20/07
last seen	2020-06-01
modified	2020-06-02
plugin id	13531
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13531
title	Solaris 9 (sparc) : 113240-13

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_113241.NASL
description	CDE 1.5_x86: dtsession patch. Date this patch was last updated by Sun : Jun/20/07
last seen	2020-06-01
modified	2020-06-02
plugin id	13581
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13581
title	Solaris 9 (x86) : 113241-13

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125279-07.NASL
description	CDE 1.6: dtsession patch. Date this patch was last updated by Sun : Jan/13/20
last seen	2020-06-01
modified	2020-06-02
plugin id	132891
published	2020-01-15
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132891
title	Solaris 10 (sparc) : 125279-07

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_125279.NASL
description	CDE1.6: dtsession patch. Date this patch was last updated by Sun : Nov/27/07 This plugin has been deprecated and either replaced with individual 125279 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	25644
published	2007-07-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=25644
title	Solaris 10 (sparc) : 125279-05 (deprecated)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_X86_109355.NASL
description	CDE 1.4_x86: dtsession patch. Date this patch was last updated by Sun : Jun/25/07
last seen	2020-06-01
modified	2020-06-02
plugin id	13431
published	2004-07-12
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13431
title	Solaris 8 (x86) : 109355-25

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_125280-09.NASL
description	CDE 1.6_x86: dtsession patch. Date this patch was last updated by Sun : Apr/13/20
last seen	2020-04-17
modified	2020-04-14
plugin id	135441
published	2020-04-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135441
title	Solaris 10 (x86) : 125280-09

Oval

accepted

2007-08-02T14:47:15.305-04:00

class

vulnerability

contributors

name	Yuzheng Zhou
organization	Opsware, Inc.

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

family

unix

oval:org.mitre.oval:def:2015

status

accepted

submitted

2007-07-03T09:00:00.000-04:00

title

dtsession(1X) Contains a Buffer Overflow Vulnerability

version

Summary

Vulnerable Configurations

Nessus

Oval

References