Vulnerabilities > CVE-2009-0304 - Remote Denial of Service vulnerability in SUN Opensolaris and Solaris
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
Vulnerable Configurations
Exploit-Db
| description | SunOS Release 5.11 Version snv_101b Remote IPV6 Crash Exploit. CVE-2009-0304. Dos exploit for solaris platform |
| file | exploits/solaris/dos/7865.c |
| id | EDB-ID:7865 |
| last seen | 2016-02-01 |
| modified | 2009-01-26 |
| platform | solaris |
| port | |
| published | 2009-01-26 |
| reporter | kingcope |
| source | https://www.exploit-db.com/download/7865/ |
| title | SunOS Release 5.11 snv_101b - Remote IPv6 Crash Exploit |
| type | dos |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_138889.NASL description SunOS 5.10_x86: Kernel Patch. Date this patch was last updated by Sun : Apr/01/09 last seen 2018-09-01 modified 2018-08-13 plugin id 35211 published 2008-12-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35211 title Solaris 10 (x86) : 138889-08 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(35211); script_version("1.14"); script_name(english: "Solaris 10 (x86) : 138889-08"); script_cve_id("CVE-2009-0304"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 138889-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: Kernel Patch. Date this patch was last updated by Sun : Apr/01/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/138889-08"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2008/12/17"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 138889-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS10_138888.NASL description SunOS 5.10: Kernel Patch. Date this patch was last updated by Sun : Apr/01/09 last seen 2018-09-01 modified 2018-08-13 plugin id 35199 published 2008-12-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35199 title Solaris 10 (sparc) : 138888-08 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(35199); script_version("1.14"); script_name(english: "Solaris 10 (sparc) : 138888-08"); script_cve_id("CVE-2009-0304"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 138888-08"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: Kernel Patch. Date this patch was last updated by Sun : Apr/01/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/138888-08"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2008/12/17"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_end_attributes(); script_summary(english: "Check for patch 138888-08"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2009-January/067709.html
- http://secunia.com/advisories/33605
- http://securitytracker.com/id?1021635
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1
- http://www.securityfocus.com/bid/33435
- http://www.vupen.com/english/advisories/2009/0232
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48208
- https://www.exploit-db.com/exploits/7865