Vulnerabilities > CVE-2008-2144 - Remote Code Execution vulnerability in SUN Sunos 5.10/5.8/5.9
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_127127.NASL description SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Apr/25/08 This plugin has been deprecated and either replaced with individual 127127 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 32164 published 2008-05-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=32164 title Solaris 10 (sparc) : 127127-11 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(32164); script_version("1.23"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2089", "CVE-2008-2090", "CVE-2008-2144"); script_bugtraq_id(29023, 29024, 29135); script_xref(name:"IAVT", value:"2008-T-0018"); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 10 (sparc) : 127127-11 (deprecated)"); script_summary(english:"Check for patch 127127-11"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Apr/25/08 This plugin has been deprecated and either replaced with individual 127127 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/127127-11" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127127 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS9_112920.NASL description SunOS 5.9: libipp, lp, IKE Patch. Date this patch was last updated by Sun : Apr/08/11 last seen 2020-06-01 modified 2020-06-02 plugin id 53353 published 2011-04-11 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/53353 title Solaris 9 (sparc) : 112920-03 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(53353); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2008-2144"); script_bugtraq_id(29135); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 9 (sparc) : 112920-03"); script_summary(english:"Check for patch 112920-03"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 112920-03" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: libipp, lp, IKE Patch. Date this patch was last updated by Sun : Apr/08/11" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/112920-03" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2011/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/11"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcstlx", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWarcx", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcstl", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWscplp", version:"13.1,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWpsf", version:"13.1,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWpsr", version:"13.1,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWpsu", version:"13.1,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWmdbx", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcslx", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWppm", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWmdb", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcsr", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWpcu", version:"13.1,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWcsl", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112920-03", obsoleted_by:"", package:"SUNWarc", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_127128.NASL description SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Apr/28/08 This plugin has been deprecated and either replaced with individual 127128 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 32170 published 2008-05-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=32170 title Solaris 10 (x86) : 127128-11 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(32170); script_version("1.25"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2089", "CVE-2008-2090", "CVE-2008-2144"); script_bugtraq_id(29023, 29024, 29135); script_xref(name:"IAVT", value:"2008-T-0018"); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 10 (x86) : 127128-11 (deprecated)"); script_summary(english:"Check for patch 127128-11"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Apr/28/08 This plugin has been deprecated and either replaced with individual 127128 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/127128-11" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/09"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127128 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114423.NASL description SunOS 5.9_x86: format, lp, IKE patch. Date this patch was last updated by Sun : Mar/18/11 last seen 2020-06-01 modified 2020-06-02 plugin id 22248 published 2006-08-21 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22248 title Solaris 9 (x86) : 114423-09 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(22248); script_version("1.27"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2006-4319", "CVE-2008-2144"); script_bugtraq_id(29135); script_xref(name:"IAVT", value:"2008-T-0021"); script_name(english:"Solaris 9 (x86) : 114423-09"); script_summary(english:"Check for patch 114423-09"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114423-09" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: format, lp, IKE patch. Date this patch was last updated by Sun : Mar/18/11" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/114423-09" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2011/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWscplp", version:"13.1,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWpsf", version:"13.1,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWpsr", version:"13.1,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWpsu", version:"13.1,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWppm", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWpcu", version:"13.1,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114423-09", obsoleted_by:"", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_109320.NASL description SunOS 5.8: lp patch. Date this patch was last updated by Sun : Nov/07/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13319 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13319 title Solaris 8 (sparc) : 109320-22 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109321.NASL description SunOS 5.8_x86: lp patch. Date this patch was last updated by Sun : Nov/07/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13427 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13427 title Solaris 8 (x86) : 109321-22
Oval
| accepted | 2008-06-23T04:00:12.580-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:5269 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2008-05-14T13:20:42.000-04:00 | ||||||||||||||||||||||||
| title | Security Vulnerabilities in Solaris Print Service May Lead to Denial of Service (DoS) or Execution of Arbitrary Code | ||||||||||||||||||||||||
| version | 37 |
References
- http://secunia.com/advisories/30184
- http://secunia.com/advisories/30473
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-236884-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-216.htm
- http://www.securityfocus.com/bid/29135
- http://www.securitytracker.com/id?1020003
- http://www.vupen.com/english/advisories/2008/1473/references
- http://www.vupen.com/english/advisories/2008/1709/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42322
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5269