Vulnerabilities > CVE-2008-2946 - Resource Management Errors vulnerability in SUN Solaris and Sunos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128416-01.NASL description SunOS 5.10_x86: usr/lib/dmi/snmpXdmid patc. Date this patch was last updated by Sun : May/20/08 last seen 2020-06-01 modified 2020-06-02 plugin id 107966 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107966 title Solaris 10 (x86) : 128416-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107966); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2946"); script_xref(name:"IAVT", value:"2008-T-0029"); script_name(english:"Solaris 10 (x86) : 128416-01"); script_summary(english:"Check for patch 128416-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 128416-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: usr/lib/dmi/snmpXdmid patc. Date this patch was last updated by Sun : May/20/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/128416-01" ); script_set_attribute(attribute:"solution", value:"Install patch 128416-01"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:128416"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"128416-01", obsoleted_by:"138362-01 137020-01 ", package:"SUNWsadmi", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsadmi"); }NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_108870.NASL description SunOS 5.8_x86: snmp/mibiisa patch. Date this patch was last updated by Sun : Dec/12/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13410 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13410 title Solaris 8 (x86) : 108870-36 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13410); script_version("1.38"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2008-2946"); script_xref(name:"IAVT", value:"2008-T-0029"); script_name(english:"Solaris 8 (x86) : 108870-36"); script_summary(english:"Check for patch 108870-36"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108870-36" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: snmp/mibiisa patch. Date this patch was last updated by Sun : Dec/12/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108870-36" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108870-36", obsoleted_by:"", package:"SUNWsadmi", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108870-36", obsoleted_by:"", package:"SUNWsasnm", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108870-36", obsoleted_by:"", package:"SUNWsacom", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108870-36", obsoleted_by:"", package:"SUNWmibii", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_108869.NASL description SunOS 5.8: snmp/mibiisa patch. Date this patch was last updated by Sun : Dec/12/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13298 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13298 title Solaris 8 (sparc) : 108869-36 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13298); script_version("1.39"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2946"); script_xref(name:"IAVT", value:"2008-T-0029"); script_name(english:"Solaris 8 (sparc) : 108869-36"); script_summary(english:"Check for patch 108869-36"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108869-36" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: snmp/mibiisa patch. Date this patch was last updated by Sun : Dec/12/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108869-36" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWsadmi", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWsasnm", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWsacom", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWsadmx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWmibii", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108869-36", obsoleted_by:"", package:"SUNWsasnx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128416.NASL description SunOS 5.10_x86: usr/lib/dmi/snmpXdmid patc. Date this patch was last updated by Sun : May/20/08 last seen 2018-09-01 modified 2018-08-13 plugin id 37825 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=37825 title Solaris 10 (x86) : 128416-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_128415-01.NASL description SunOS 5.10: usr/lib/dmi/snmpXdmid patch. Date this patch was last updated by Sun : May/20/08 last seen 2020-06-01 modified 2020-06-02 plugin id 107467 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107467 title Solaris 10 (sparc) : 128415-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_128415.NASL description SunOS 5.10: usr/lib/dmi/snmpXdmid patch. Date this patch was last updated by Sun : May/20/08 last seen 2018-09-02 modified 2018-08-13 plugin id 36856 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=36856 title Solaris 10 (sparc) : 128415-01 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_137403.NASL description SunOS 5.9_x86: snmpXdmid patch. Date this patch was last updated by Sun : Jun/24/08 last seen 2020-06-01 modified 2020-06-02 plugin id 33429 published 2008-07-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33429 title Solaris 9 (x86) : 137403-02 NASL family Solaris Local Security Checks NASL id SOLARIS9_137402.NASL description SunOS 5.9: snmpXdmid patch. Date this patch was last updated by Sun : Jul/09/08 last seen 2020-06-01 modified 2020-06-02 plugin id 33428 published 2008-07-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33428 title Solaris 9 (sparc) : 137402-02