Vulnerabilities > CVE-2008-5009 - Race Condition vulnerability in SUN Solstice X.25 9.2
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_108670.NASL description Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 This plugin has been deprecated and either replaced with individual 108670 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22976 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22976 title Solaris 10 (x86) : 108670-21 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22976); script_version("1.22"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-5009"); script_name(english:"Solaris 10 (x86) : 108670-21 (deprecated)"); script_summary(english:"Check for patch 108670-21"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 This plugin has been deprecated and either replaced with individual 108670 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108670-21" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C"); script_cwe_id(362); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 108670 instead.");
NASL family Solaris Local Security Checks NASL id SOLARIS7_108669.NASL description Solstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23223 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23223 title Solaris 7 (sparc) : 108669-21 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(23223); script_version("1.22"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-5009"); script_name(english:"Solaris 7 (sparc) : 108669-21"); script_summary(english:"Check for patch 108669-21"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108669-21" ); script_set_attribute( attribute:"description", value: "Solstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108669-21" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C"); script_cwe_id(362); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25b", version:"9.2") < 0) flag++; if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25a", version:"9.2") < 0) flag++; if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25ax", version:"9.2") < 0) flag++; if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25bx", version:"9.2") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_108670.NASL description Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23430 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23430 title Solaris 8 (x86) : 108670-21 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(23430); script_version("1.19"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2008-5009"); script_name(english:"Solaris 8 (x86) : 108670-21"); script_summary(english:"Check for patch 108670-21"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 108670-21" ); script_set_attribute( attribute:"description", value: "Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/108670-21" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C"); script_cwe_id(362); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWx25b", version:"9.2") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWx25a", version:"9.2") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWexpx", version:"1.1") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS10_108669.NASL description Solstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08 This plugin has been deprecated and either replaced with individual 108669 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22941 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22941 title Solaris 10 (sparc) : 108669-21 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_108669.NASL description Solstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23301 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23301 title Solaris 8 (sparc) : 108669-21 NASL family Solaris Local Security Checks NASL id SOLARIS7_X86_108670.NASL description Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23285 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23285 title Solaris 7 (x86) : 108670-21 NASL family Solaris Local Security Checks NASL id SOLARIS9_108669.NASL description Solstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23472 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23472 title Solaris 9 (sparc) : 108669-21 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_108670.NASL description Solstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23569 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23569 title Solaris 9 (x86) : 108670-21
References
- http://secunia.com/advisories/32667
- http://securitytracker.com/id?1021156
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-108669-21-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-108670-21-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-243106-1
- http://www.securityfocus.com/bid/32215
- http://www.vupen.com/english/advisories/2008/3087
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46466