Vulnerabilities > CVE-2008-2706 - Resource Management Errors vulnerability in SUN Solaris 10
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_137112.NASL description SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Oct/09/08 last seen 2018-09-01 modified 2018-08-13 plugin id 33209 published 2008-06-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=33209 title Solaris 10 (x86) : 137112-08 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(33209); script_version("1.25"); script_name(english: "Solaris 10 (x86) : 137112-08"); script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 137112-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Oct/09/08'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/137112-08"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 137112-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS10_137111.NASL description SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Oct/08/08 last seen 2018-09-02 modified 2018-08-13 plugin id 33206 published 2008-06-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=33206 title Solaris 10 (sparc) : 137111-08 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(33206); script_version("1.25"); script_name(english: "Solaris 10 (sparc) : 137111-08"); script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 137111-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Oct/08/08'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/137111-08"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 137111-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
Oval
| accepted | 2008-07-28T04:00:26.268-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5762 | ||||||||
| status | accepted | ||||||||
| submitted | 2008-06-17T14:54:16.000-04:00 | ||||||||
| title | Vulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic, Resulting in a Denial of Service (DoS) | ||||||||
| version | 35 |
References
- http://secunia.com/advisories/30653
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-235122-1
- http://www.securityfocus.com/bid/29680
- http://www.securitytracker.com/id?1020274
- http://www.vupen.com/english/advisories/2008/1807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43005
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5762