Vulnerabilities > CVE-2008-5661 - Resource Management Errors vulnerability in SUN Opensolaris and Solaris
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. Per http://sunsolve.sun.com/search/document.do?assetkey=1-26-241126-1 "Note 3: A system is only affected by this issue if it is configured to use IPv4, has a network route with a gateway of 127.0.0.1, and the route does not have the blackhole flag set."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_120011.NASL description SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Sep/12/07 This plugin has been deprecated and either replaced with individual 120011 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 26157 published 2007-09-25 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26157 title Solaris 10 (sparc) : 120011-14 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(26157); script_version("1.33"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_cve_id("CVE-2008-2121", "CVE-2008-5661"); script_bugtraq_id(29089, 32861); script_xref(name:"IAVT", value:"2008-T-0022"); script_xref(name:"IAVT", value:"2009-T-0003"); script_name(english:"Solaris 10 (sparc) : 120011-14 (deprecated)"); script_summary(english:"Check for patch 120011-14"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10: kernel patch. Date this patch was last updated by Sun : Sep/12/07 This plugin has been deprecated and either replaced with individual 120011 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120011-14" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120011 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120012.NASL description SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Sep/14/07 This plugin has been deprecated and either replaced with individual 120012 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 26992 published 2007-10-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26992 title Solaris 10 (x86) : 120012-14 (deprecated) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(26992); script_version("1.32"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2008-2121", "CVE-2008-5661"); script_bugtraq_id(29089, 32861); script_xref(name:"IAVT", value:"2008-T-0022"); script_xref(name:"IAVT", value:"2009-T-0003"); script_name(english:"Solaris 10 (x86) : 120012-14 (deprecated)"); script_summary(english:"Check for patch 120012-14"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: kernel patch. Date this patch was last updated by Sun : Sep/14/07 This plugin has been deprecated and either replaced with individual 120012 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/120012-14" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 120012 instead.");