Vulnerabilities > CVE-2008-5009 - Race Condition vulnerability in SUN Solstice X.25 9.2

047910
CVSS 4.0 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
high complexity
sun
CWE-362
nessus

Summary

Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.

Vulnerable Configurations

Part Description Count
Application
Sun
2
OS
Sun
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_108670.NASL
    descriptionSolstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08 This plugin has been deprecated and either replaced with individual 108670 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22976
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22976
    titleSolaris 10 (x86) : 108670-21 (deprecated)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(22976);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:24");
    
      script_cve_id("CVE-2008-5009");
    
      script_name(english:"Solaris 10 (x86) : 108670-21 (deprecated)");
      script_summary(english:"Check for patch 108670-21");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Solstice X.25 9.2 patch_x86.
    Date this patch was last updated by Sun : Nov/04/08
    
    This plugin has been deprecated and either replaced with individual
    108670 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/108670-21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 108670 instead.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_108669.NASL
    descriptionSolstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23223
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23223
    titleSolaris 7 (sparc) : 108669-21
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(23223);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:24");
    
      script_cve_id("CVE-2008-5009");
    
      script_name(english:"Solaris 7 (sparc) : 108669-21");
      script_summary(english:"Check for patch 108669-21");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 108669-21"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Solstice X.25 9.2 patch.
    Date this patch was last updated by Sun : Oct/10/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/108669-21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25b", version:"9.2") < 0) flag++;
    if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25a", version:"9.2") < 0) flag++;
    if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25ax", version:"9.2") < 0) flag++;
    if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"108669-21", obsoleted_by:"", package:"SUNWx25bx", version:"9.2") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
      else security_warning(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_108670.NASL
    descriptionSolstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23430
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23430
    titleSolaris 8 (x86) : 108670-21
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(23430);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2008-5009");
    
      script_name(english:"Solaris 8 (x86) : 108670-21");
      script_summary(english:"Check for patch 108670-21");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 108670-21"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Solstice X.25 9.2 patch_x86.
    Date this patch was last updated by Sun : Nov/04/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/108670-21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C");
      script_cwe_id(362);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWx25b", version:"9.2") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWx25a", version:"9.2") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"108670-21", obsoleted_by:"", package:"SUNWexpx", version:"1.1") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
      else security_warning(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_108669.NASL
    descriptionSolstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08 This plugin has been deprecated and either replaced with individual 108669 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22941
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22941
    titleSolaris 10 (sparc) : 108669-21 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_108669.NASL
    descriptionSolstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23301
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23301
    titleSolaris 8 (sparc) : 108669-21
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_X86_108670.NASL
    descriptionSolstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23285
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23285
    titleSolaris 7 (x86) : 108670-21
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_108669.NASL
    descriptionSolstice X.25 9.2 patch. Date this patch was last updated by Sun : Oct/10/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23472
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23472
    titleSolaris 9 (sparc) : 108669-21
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_108670.NASL
    descriptionSolstice X.25 9.2 patch_x86. Date this patch was last updated by Sun : Nov/04/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23569
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23569
    titleSolaris 9 (x86) : 108670-21