Vulnerabilities > CVE-2008-2090 - Resource Management Errors vulnerability in SUN Solaris 10
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_127127.NASL description SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Apr/25/08 This plugin has been deprecated and either replaced with individual 127127 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 32164 published 2008-05-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=32164 title Solaris 10 (sparc) : 127127-11 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(32164); script_version("1.23"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2089", "CVE-2008-2090", "CVE-2008-2144"); script_bugtraq_id(29023, 29024, 29135); script_xref(name:"IAVT", value:"2008-T-0018"); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 10 (sparc) : 127127-11 (deprecated)"); script_summary(english:"Check for patch 127127-11"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Apr/25/08 This plugin has been deprecated and either replaced with individual 127127 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/127127-11" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127127 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127128.NASL description SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Apr/28/08 This plugin has been deprecated and either replaced with individual 127128 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 32170 published 2008-05-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=32170 title Solaris 10 (x86) : 127128-11 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(32170); script_version("1.25"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2089", "CVE-2008-2090", "CVE-2008-2144"); script_bugtraq_id(29023, 29024, 29135); script_xref(name:"IAVT", value:"2008-T-0018"); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 10 (x86) : 127128-11 (deprecated)"); script_summary(english:"Check for patch 127128-11"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Apr/28/08 This plugin has been deprecated and either replaced with individual 127128 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/127128-11" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127128 instead.");
Oval
| accepted | 2008-06-16T04:00:07.192-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5258 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-05-05T13:33:55.000-04:00 | ||||||||
| title | Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network Flooding | ||||||||
| version | 36 |
References
- http://secunia.com/advisories/29973
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-236521-1
- http://www.securityfocus.com/bid/29024
- http://www.securitytracker.com/id?1019962
- http://www.vupen.com/english/advisories/2008/1429/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42160
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5258