Vulnerabilities > CVE-2007-3471 - Local Buffer Overflow vulnerability in SUN Solaris 10.0/8.0/9.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125280.NASL description CDE1.6_x86: dtsession patch. Date this patch was last updated by Sun : Nov/16/07 This plugin has been deprecated and either replaced with individual 125280 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25647 published 2007-07-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25647 title Solaris 10 (x86) : 125280-05 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(25647); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-3471"); script_name(english:"Solaris 10 (x86) : 125280-05 (deprecated)"); script_summary(english:"Check for patch 125280-05"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "CDE1.6_x86: dtsession patch. Date this patch was last updated by Sun : Nov/16/07 This plugin has been deprecated and either replaced with individual 125280 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/125280-05" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/07/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 125280 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS8_109354.NASL description CDE 1.4: dtsession patch. Date this patch was last updated by Sun : Jun/25/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13323 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13323 title Solaris 8 (sparc) : 109354-26 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13323); script_version("1.29"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-3471"); script_name(english:"Solaris 8 (sparc) : 109354-26"); script_summary(english:"Check for patch 109354-26"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109354-26" ); script_set_attribute( attribute:"description", value: "CDE 1.4: dtsession patch. Date this patch was last updated by Sun : Jun/25/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1001151.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtdte", version:"1.4,REV=10.1999.12.07") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtwm", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109354-26", obsoleted_by:"", package:"SUNWdtma", version:"1.4,REV=10.1999.12.02") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_125279-09.NASL description CDE 1.6: dtsession patch. Date this patch was last updated by Sun : Apr/13/20 last seen 2020-04-17 modified 2020-04-14 plugin id 135435 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135435 title Solaris 10 (sparc) : 125279-09 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125280-07.NASL description CDE 1.6_x86: dtsession patch. Date this patch was last updated by Sun : Jan/13/20 last seen 2020-06-01 modified 2020-06-02 plugin id 132898 published 2020-01-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132898 title Solaris 10 (x86) : 125280-07 NASL family Solaris Local Security Checks NASL id SOLARIS9_113240.NASL description CDE 1.5: dtsession patch. Date this patch was last updated by Sun : Jun/20/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13531 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13531 title Solaris 9 (sparc) : 113240-13 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_113241.NASL description CDE 1.5_x86: dtsession patch. Date this patch was last updated by Sun : Jun/20/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13581 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13581 title Solaris 9 (x86) : 113241-13 NASL family Solaris Local Security Checks NASL id SOLARIS10_125279-07.NASL description CDE 1.6: dtsession patch. Date this patch was last updated by Sun : Jan/13/20 last seen 2020-06-01 modified 2020-06-02 plugin id 132891 published 2020-01-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132891 title Solaris 10 (sparc) : 125279-07 NASL family Solaris Local Security Checks NASL id SOLARIS10_125279.NASL description CDE1.6: dtsession patch. Date this patch was last updated by Sun : Nov/27/07 This plugin has been deprecated and either replaced with individual 125279 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25644 published 2007-07-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25644 title Solaris 10 (sparc) : 125279-05 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109355.NASL description CDE 1.4_x86: dtsession patch. Date this patch was last updated by Sun : Jun/25/07 last seen 2020-06-01 modified 2020-06-02 plugin id 13431 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13431 title Solaris 8 (x86) : 109355-25 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125280-09.NASL description CDE 1.6_x86: dtsession patch. Date this patch was last updated by Sun : Apr/13/20 last seen 2020-04-17 modified 2020-04-14 plugin id 135441 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135441 title Solaris 10 (x86) : 125280-09
Oval
| accepted | 2007-08-02T14:47:15.305-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:2015 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2007-07-03T09:00:00.000-04:00 | ||||||||||||||||||||||||
| title | dtsession(1X) Contains a Buffer Overflow Vulnerability | ||||||||||||||||||||||||
| version | 35 |
References
- http://osvdb.org/36608
- http://secunia.com/advisories/25876
- http://secunia.com/advisories/26136
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102954-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-310.htm
- http://www.securityfocus.com/bid/24687
- http://www.vupen.com/english/advisories/2007/2369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35127
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2015