Vulnerabilities > CVE-2007-5225 - Numeric Errors vulnerability in SUN Sunos 5.10/5.8/5.9
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Solaris 8/9/10 fifofs I_PEEK Local Kernel memory Leak Exploit. CVE-2007-5225. Local exploit for solaris platform file exploits/solaris/local/5227.c id EDB-ID:5227 last seen 2016-01-31 modified 2008-03-10 platform solaris port published 2008-03-10 reporter Marco Ivaldi source https://www.exploit-db.com/download/5227/ title Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit type local id EDB-ID:4516
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_117472.NASL description SunOS 5.9_x86: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27097 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27097 title Solaris 9 (x86) : 117472-04 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(27097); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 9 (x86) : 117472-04"); script_summary(english:"Check for patch 117472-04"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 117472-04" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117472-04", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117472-04", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"117472-04", obsoleted_by:"", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS10_127737.NASL description SunOS 5.10: fifofs patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2018-09-01 modified 2018-08-13 plugin id 26908 published 2007-10-03 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26908 title Solaris 10 (sparc) : 127737-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(26908); script_version("1.24"); script_name(english: "Solaris 10 (sparc) : 127737-01"); script_cve_id("CVE-2007-5225"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 127737-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: fifofs patch. Date this patch was last updated by Sun : Oct/02/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000506.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_publication_date", value: "2007/10/03"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_set_attribute(attribute:"patch_publication_date", value: "2007/10/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/02"); script_end_attributes(); script_summary(english: "Check for patch 127737-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127738.NASL description SunOS 5.10_x86: fifofs patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2018-09-01 modified 2018-08-13 plugin id 27084 published 2007-10-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=27084 title Solaris 10 (x86) : 127738-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(27084); script_version("1.23"); script_name(english: "Solaris 10 (x86) : 127738-01"); script_cve_id("CVE-2007-5225"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 127738-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: fifofs patch. Date this patch was last updated by Sun : Oct/02/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000506.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_publication_date", value: "2007/10/17"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_set_attribute(attribute:"patch_publication_date", value: "2007/10/02"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/02"); script_end_attributes(); script_summary(english: "Check for patch 127738-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
NASL family Solaris Local Security Checks NASL id SOLARIS8_109454.NASL description SunOS 5.8: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 26909 published 2007-10-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26909 title Solaris 8 (sparc) : 109454-06 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(26909); script_version("1.22"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 8 (sparc) : 109454-06"); script_summary(english:"Check for patch 109454-06"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109454-06" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109454-06", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109454-06", obsoleted_by:"", package:"SUNWcarx", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109454-06", obsoleted_by:"", package:"SUNWcsxu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109454-06", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109454-06", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS10_127737-01.NASL description SunOS 5.10: fifofs patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107464 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107464 title Solaris 10 (sparc) : 127737-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107464); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 10 (sparc) : 127737-01"); script_summary(english:"Check for patch 127737-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 127737-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: fifofs patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 127737-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127737"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"127737-01", obsoleted_by:"138373-02 144500-19 ", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWckr"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127738-01.NASL description SunOS 5.10_x86: fifofs patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107963 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107963 title Solaris 10 (x86) : 127738-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107963); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 10 (x86) : 127738-01"); script_summary(english:"Check for patch 127738-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 127738-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: fifofs patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 127738-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127738"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"127738-01", obsoleted_by:"144501-19 138374-02 ", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWckr"); }
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109455.NASL description SunOS 5.8_x86: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27088 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27088 title Solaris 8 (x86) : 109455-06 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(27088); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 8 (x86) : 109455-06"); script_summary(english:"Check for patch 109455-06"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109455-06" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109455-06", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109455-06", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109455-06", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_117471.NASL description SunOS 5.9: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07 last seen 2020-06-01 modified 2020-06-02 plugin id 26910 published 2007-10-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26910 title Solaris 9 (sparc) : 117471-04 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(26910); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5225"); script_name(english:"Solaris 9 (sparc) : 117471-04"); script_summary(english:"Check for patch 117471-04"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 117471-04" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: connld, fifofs, fifonode patch. Date this patch was last updated by Sun : Oct/02/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000506.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"117471-04", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"117471-04", obsoleted_by:"", package:"SUNWcarx", version:"11.9.0,REV=2002.04.09.12.25") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"117471-04", obsoleted_by:"", package:"SUNWcsxu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"117471-04", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"117471-04", obsoleted_by:"", package:"SUNWcsr", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
Oval
accepted | 2007-11-13T12:01:06.734-05:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:2170 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2007-10-10T07:52:08.000-04:00 | ||||||||||||||||||||||||
title | Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data Access | ||||||||||||||||||||||||
version | 35 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/64468/solaris-memleak.txt |
id | PACKETSTORM:64468 |
last seen | 2016-12-05 |
published | 2008-03-13 |
reporter | Marco Ivaldi |
source | https://packetstormsecurity.com/files/64468/solaris-memleak.txt.html |
title | solaris-memleak.txt |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:7976 last seen 2017-11-19 modified 2008-03-11 published 2008-03-11 reporter Root source https://www.seebug.org/vuldb/ssvid-7976 title Solaris 8/9/10 fifofs I_PEEK Local Kernel memory Leak Exploit bulletinFamily exploit description No description provided by source. id SSV:65240 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-65240 title Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit bulletinFamily exploit description BUGTRAQ ID: 25905 CVE(CAN) ID: CVE-2007-5225 Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris内核的FIFO实现上存在漏洞,本地攻击者可能利用此漏洞获取内核的敏感信息。 Solaris中的FIFO内核ioctl()处理器存在安全漏洞,该处理器使用I_PEEK ioctl读取FIFO中的一些字节,但没有将这些字节从队列中删除。该命令中的一个参数代表所要读取的字节数,而该参数为整型整数值。由于没有正确地验证这个参数,因此负值就可以导致泄露大量的内核内存内容。 Sun Solaris 9.0 Sun Solaris 8.0 Sun Solaris 10.0 Sun已经为此发布了一个安全公告(Sun-Alert-103061)以及相应补丁: Sun-Alert-103061:Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unauthorized Data Access 链接:<a href="http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103061-1" target="_blank">http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-103061-1</a> id SSV:2274 last seen 2017-11-19 modified 2007-10-09 published 2007-10-09 reporter Root title Sun Solaris I_PEEK IOCTL处理器本地信息泄露漏洞
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=603
- http://secunia.com/advisories/27024
- http://secunia.com/advisories/27654
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103061-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-463.htm
- http://www.securityfocus.com/archive/1/481501/100/0/threaded
- http://www.securityfocus.com/bid/25905
- http://www.securitytracker.com/id?1018766
- http://www.vupen.com/english/advisories/2007/3339
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36918
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2170
- https://www.exploit-db.com/exploits/4516
- https://www.exploit-db.com/exploits/5227