Vulnerabilities > CVE-2008-2710 - Numeric Errors vulnerability in SUN Opensolaris, Solaris and Sunos

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
sun
CWE-189
nessus

Summary

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

Vulnerable Configurations

Part Description Count
OS
Sun
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_137112.NASL
    descriptionSunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Oct/09/08
    last seen2018-09-01
    modified2018-08-13
    plugin id33209
    published2008-06-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=33209
    titleSolaris 10 (x86) : 137112-08
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(33209);
     script_version("1.25");
    
     script_name(english: "Solaris 10 (x86) : 137112-08");
     script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 137112-08");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10_x86: kernel patch.
    Date this patch was last updated by Sun : Oct/09/08');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/137112-08");
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
     script_cwe_id(399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18");
     script_cvs_date("Date: 2019/10/25 13:36:24");
     script_end_attributes();
    
     script_summary(english: "Check for patch 137112-08");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_137111.NASL
    descriptionSunOS 5.10: kernel patch. Date this patch was last updated by Sun : Oct/08/08
    last seen2018-09-02
    modified2018-08-13
    plugin id33206
    published2008-06-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=33206
    titleSolaris 10 (sparc) : 137111-08
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(33206);
     script_version("1.25");
    
     script_name(english: "Solaris 10 (sparc) : 137111-08");
     script_cve_id("CVE-2008-2706", "CVE-2008-2710", "CVE-2008-3549", "CVE-2008-3666", "CVE-2008-3875", "CVE-2008-6024");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 137111-08");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: kernel patch.
    Date this patch was last updated by Sun : Oct/08/08');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/137111-08");
     script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
     script_cwe_id(399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2008/06/18");
     script_cvs_date("Date: 2019/10/25 13:36:24");
     script_end_attributes();
    
     script_summary(english: "Check for patch 137111-08");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    

Oval

accepted2008-07-28T04:00:24.214-04:00
classvulnerability
contributors
nameTodd Dolinsky
organizationHewlett-Packard
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionimsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
familyunix
idoval:org.mitre.oval:def:5731
statusaccepted
submitted2008-06-17T14:54:16.000-04:00
titleA Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code
version35