Vulnerabilities > CVE-2007-5726 - Remote Denial of Service vulnerability in SUN Solaris 10.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a denial of service (panic) via unspecified vectors related to "INIT processing."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_127716.NASL description SunOS 5.10: ip Patch. Date this patch was last updated by Sun : Oct/05/07 last seen 2018-09-01 modified 2018-08-13 plugin id 26958 published 2007-10-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26958 title Solaris 10 (sparc) : 127716-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(26958); script_version("1.29"); script_name(english: "Solaris 10 (sparc) : 127716-01"); script_cve_id("CVE-2007-5726"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 127716-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: ip Patch. Date this patch was last updated by Sun : Oct/05/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000936.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2007/10/09"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_end_attributes(); script_summary(english: "Check for patch 127716-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS10_127716-01.NASL description SunOS 5.10: ip Patch. Date this patch was last updated by Sun : Oct/05/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107462 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107462 title Solaris 10 (sparc) : 127716-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107462); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2007-5726"); script_name(english:"Solaris 10 (sparc) : 127716-01"); script_summary(english:"Check for patch 127716-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 127716-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: ip Patch. Date this patch was last updated by Sun : Oct/05/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000936.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 127716-01"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127716"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"127716-01", obsoleted_by:"127127-11 127111-02 ", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"127716-01", obsoleted_by:"127127-11 127111-02 ", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWckr / SUNWhea"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127717-01.NASL description SunOS 5.10_x86: ip Patch. Date this patch was last updated by Sun : Oct/25/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107961 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107961 title Solaris 10 (x86) : 127717-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107961); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5726"); script_name(english:"Solaris 10 (x86) : 127717-01"); script_summary(english:"Check for patch 127717-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 127717-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: ip Patch. Date this patch was last updated by Sun : Oct/25/07" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1000936.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 127717-01"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127717"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"127717-01", obsoleted_by:"127112-02 127128-11 ", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"127717-01", obsoleted_by:"127112-02 127128-11 ", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWckr / SUNWhea"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127717.NASL description SunOS 5.10_x86: ip Patch. Date this patch was last updated by Sun : Oct/25/07 last seen 2018-09-01 modified 2018-08-13 plugin id 37728 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=37728 title Solaris 10 (x86) : 127717-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(37728); script_version("1.13"); script_name(english: "Solaris 10 (x86) : 127717-01"); script_cve_id("CVE-2007-5726"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 127717-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: ip Patch. Date this patch was last updated by Sun : Oct/25/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000936.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2009/04/23"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 127717-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
References
- http://osvdb.org/40815
- http://secunia.com/advisories/27428
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103101-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201252-1
- http://www.securityfocus.com/bid/26224
- http://www.securitytracker.com/id?1018867
- http://www.vupen.com/english/advisories/2007/3633
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38126