Vulnerabilities > CVE-2008-2710 - Numeric Errors vulnerability in SUN Opensolaris, Solaris and Sunos

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sun

CWE-189

nessus

NVD

Published: 2008-06-16

Updated: 2024-11-21

Summary

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Solaris * SUN Opensolaris 10 SUN Sunos -	3

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137112.NASL
description	SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Oct/09/08
last seen	2018-09-01
modified	2018-08-13
plugin id	33209
published	2008-06-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=33209
title	Solaris 10 (x86) : 137112-08
code	#%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(33209); script_version("1.25"); script_name(english: "Solaris 10 (x86) : 137112-08"); script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 137112-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Oct/09/08'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/137112-08"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 137112-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137111.NASL
description	SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Oct/08/08
last seen	2018-09-02
modified	2018-08-13
plugin id	33206
published	2008-06-18
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=33206
title	Solaris 10 (sparc) : 137111-08
code	#%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(33206); script_version("1.25"); script_name(english: "Solaris 10 (sparc) : 137111-08"); script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 137111-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Oct/08/08'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/137111-08"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 137111-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");

Oval

accepted

2008-07-28T04:00:24.214-04:00

class

vulnerability

contributors

name	Todd Dolinsky
organization	Hewlett-Packard

definition_extensions

comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

family

unix

oval:org.mitre.oval:def:5731

status

accepted

submitted

2008-06-17T14:54:16.000-04:00

title

A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

References