Vulnerabilities > CVE-2009-0319 - Local Code Execution vulnerability in SUN Opensolaris and Solaris

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

sun

nessus

NVD

Published: 2009-01-28

Updated: 2017-09-29

Summary

Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems."

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Opensolaris Snv_01 SUN Opensolaris Snv_02 SUN Opensolaris Snv_03 SUN Opensolaris Snv_04 SUN Opensolaris Snv_05 SUN Opensolaris Snv_06 SUN Opensolaris Snv_07 SUN Opensolaris Snv_08 SUN Opensolaris Snv_09 SUN Opensolaris Snv_10 SUN Opensolaris Snv_11 SUN Opensolaris Snv_12 SUN Opensolaris Snv_13 SUN Opensolaris Snv_14 SUN Opensolaris Snv_15 SUN Opensolaris Snv_16 SUN Opensolaris Snv_17 SUN Opensolaris Snv_18 SUN Opensolaris Snv_19 SUN Opensolaris Snv_20 SUN Opensolaris Snv_21 SUN Opensolaris Snv_22 SUN Opensolaris Snv_23 SUN Opensolaris Snv_24 SUN Opensolaris Snv_25 SUN Opensolaris Snv_26 SUN Opensolaris Snv_27 SUN Opensolaris Snv_28 SUN Opensolaris Snv_29 SUN Opensolaris Snv_30 SUN Opensolaris Snv_31 SUN Opensolaris Snv_32 SUN Opensolaris Snv_33 SUN Opensolaris Snv_34 SUN Opensolaris Snv_35 SUN Opensolaris Snv_36 SUN Opensolaris Snv_37 SUN Opensolaris Snv_38 SUN Opensolaris Snv_39 SUN Opensolaris Snv_40 SUN Opensolaris Snv_41 SUN Opensolaris Snv_42 SUN Opensolaris Snv_43 SUN Opensolaris Snv_44 SUN Opensolaris Snv_45 SUN Opensolaris Snv_46 SUN Opensolaris Snv_47 SUN Opensolaris Snv_48 SUN Opensolaris Snv_49 SUN Opensolaris Snv_50 SUN Opensolaris Snv_51 SUN Opensolaris Snv_52 SUN Opensolaris Snv_53 SUN Opensolaris Snv_54 SUN Opensolaris Snv_55 SUN Opensolaris Snv_56 SUN Opensolaris Snv_57 SUN Opensolaris Snv_58 SUN Opensolaris Snv_59 SUN Opensolaris Snv_60 SUN Opensolaris Snv_61 SUN Opensolaris Snv_62 SUN Opensolaris Snv_63 SUN Opensolaris Snv_64 SUN Opensolaris Snv_65 SUN Opensolaris Snv_66 SUN Opensolaris Snv_67 SUN Opensolaris Snv_68 SUN Opensolaris Snv_69 SUN Opensolaris Snv_70 SUN Opensolaris Snv_71 SUN Opensolaris Snv_72 SUN Opensolaris Snv_73 SUN Opensolaris Snv_74 SUN Opensolaris Snv_75 SUN Opensolaris Snv_76 SUN Opensolaris Snv_77 SUN Opensolaris Snv_78 SUN Opensolaris Snv_79 SUN Opensolaris Snv_80 SUN Opensolaris Snv_81 SUN Opensolaris Snv_82 SUN Opensolaris Snv_83 SUN Opensolaris Snv_84 SUN Opensolaris Snv_85 SUN Opensolaris Snv_86 SUN Opensolaris Snv_87 SUN Opensolaris Snv_88 SUN Opensolaris Snv_89 SUN Opensolaris Snv_90 SUN Opensolaris Snv_91 SUN Opensolaris Snv_92 SUN Opensolaris Snv_93 SUN Opensolaris Snv_94 SUN Opensolaris Snv_95 SUN Opensolaris Snv_96 SUN Opensolaris Snv_97 SUN Opensolaris Snv_98 SUN Opensolaris Snv_99 SUN Opensolaris Snv_100 SUN Opensolaris Snv_101 SUN Opensolaris Snv_102 SUN Opensolaris Snv_103 SUN Opensolaris Snv_104 SUN Opensolaris Snv_105 SUN Opensolaris Snv_106 SUN Opensolaris * SUN Solaris 8 SUN Solaris 9 SUN Solaris 10	210

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_139561.NASL
description	SunOS 5.10_x86: autofs patch. Date this patch was last updated by Sun : Mar/09/09
last seen	2018-09-01
modified	2018-08-13
plugin id	35571
published	2009-02-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=35571
title	Solaris 10 (x86) : 139561-02
code	#%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(35571); script_version("1.12"); script_name(english: "Solaris 10 (x86) : 139561-02"); script_cve_id("CVE-2009-0319"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 139561-02"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: autofs patch. Date this patch was last updated by Sun : Mar/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/139561-02"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/02"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 139561-02"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_139560.NASL
description	SunOS 5.10: autofs patch. Date this patch was last updated by Sun : Mar/09/09
last seen	2018-09-02
modified	2018-08-13
plugin id	35579
published	2009-02-03
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=35579
title	Solaris 10 (sparc) : 139560-02
code	#%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(35579); script_version("1.12"); script_name(english: "Solaris 10 (sparc) : 139560-02"); script_cve_id("CVE-2009-0319"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 139560-02"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: autofs patch. Date this patch was last updated by Sun : Mar/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/139560-02"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/03"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 139560-02"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_X86_116053.NASL
description	SunOS 5.9_x86: autofs patch. Date this patch was last updated by Sun : Jan/22/09
last seen	2016-09-26
modified	2011-10-24
plugin id	35575
published	2009-02-02
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=35575
title	Solaris 9 (x86) : 116053-03
code	#%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(35575); script_version("1.12"); script_name(english: "Solaris 9 (x86) : 116053-03"); script_cve_id("CVE-2009-0319"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 116053-03"); script_set_attribute(attribute: "description", value: 'SunOS 5.9_x86: autofs patch. Date this patch was last updated by Sun : Jan/22/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1019967.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/02"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_end_attributes(); script_summary(english: "Check for patch 116053-03"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"116053-03", obsoleted_by:"122301-42 ", package:"SUNWatfsr", version:"11.9.0,REV=2002.11.04.02.51"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_warning(0); else security_warning(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_X86_128625.NASL
description	SunOS 5.8_x86: LDAP2 client, libc, libthre. Date this patch was last updated by Sun : Mar/09/09
last seen	2020-06-01
modified	2020-06-02
plugin id	29850
published	2008-01-04
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29850
title	Solaris 8 (x86) : 128625-11
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(29850); script_version("1.27"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-0319", "CVE-2009-2029"); script_name(english:"Solaris 8 (x86) : 128625-11"); script_summary(english:"Check for patch 128625-11"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 128625-11" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: LDAP2 client, libc, libthre. Date this patch was last updated by Sun : Mar/09/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/128625-11" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWpppd", version:"11.8.0,REV=2001.02.21.14.14") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWnisr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWapppr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWpppdu", version:"11.8.0,REV=2001.02.21.14.14") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWpppdr", version:"11.8.0,REV=2001.02.21.14.14") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWatfsr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWlldap", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWapppu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWdpl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWmdb", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWnisu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWpppgS", version:"11.8.0,REV=2001.02.21.14.14") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWatfsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"128625-11", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_128624.NASL
description	SunOS 5.8: LDAP2 client, libc, libthread a. Date this patch was last updated by Sun : Mar/09/09
last seen	2020-06-01
modified	2020-06-02
plugin id	29828
published	2008-01-02
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/29828
title	Solaris 8 (sparc) : 128624-11
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(29828); script_version("1.29"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-0319", "CVE-2009-2029"); script_name(english:"Solaris 8 (sparc) : 128624-11"); script_summary(english:"Check for patch 128624-11"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 128624-11" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: LDAP2 client, libc, libthread a. Date this patch was last updated by Sun : Mar/09/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/128624-11" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcstlx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWpppdx", version:"11.8.0,REV=2001.02.21.14.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWpppd", version:"11.8.0,REV=2001.02.21.14.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWmdbx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWnisr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWapppr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWpppdu", version:"11.8.0,REV=2001.02.21.14.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWpppdr", version:"11.8.0,REV=2001.02.21.14.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcarx", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWatfsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWdplx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcslx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWlldap", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWarcx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWapppu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWdpl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWmdb", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWnisu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcsxu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWpppgS", version:"11.8.0,REV=2001.02.21.14.02") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWatfsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"128624-11", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS9_113318.NASL
description	SunOS 5.9: NFS & autofs patch. Date this patch was last updated by Sun : Mar/09/09
last seen	2016-09-26
modified	2013-03-30
plugin id	25397
published	2007-06-04
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=25397
title	Solaris 9 (sparc) : 113318-35
code	#%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(25397); script_version("1.25"); script_name(english: "Solaris 9 (sparc) : 113318-35"); script_cve_id("CVE-2007-2442", "CVE-2007-2882", "CVE-2007-3999", "CVE-2009-0319"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 113318-35"); script_set_attribute(attribute: "description", value: 'SunOS 5.9: NFS & autofs patch. Date this patch was last updated by Sun : Mar/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/113318-35"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119,20); script_set_attribute(attribute:"plugin_publication_date", value: "2007/06/04"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_set_attribute(attribute:"patch_publication_date", value: "2007/09/04"); script_set_attribute(attribute:"vuln_publication_date", value: "2007/05/24"); script_end_attributes(); script_summary(english: "Check for patch 113318-35"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWatfsr", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWatfsu", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWcarx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWcarx", version:"11.9.0,REV=2002.04.09.12.25"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWcsr", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWhea", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfscr", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfscu", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfscx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfssr", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfssu", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWnfssx", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWrsg", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWrsgk", version:"11.9.0,REV=2002.04.06.15.27"); e += solaris_check_patch(release:"5.9", arch:"sparc", patch:"113318-35", obsoleted_by:"122300-41 ", package:"SUNWrsgx", version:"11.9.0,REV=2002.04.06.15.27"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");

Oval

accepted

2009-03-16T04:00:15.050-04:00

class

vulnerability

contributors

name	Pai Peng
organization	Hewlett-Packard

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:5977

status

accepted

submitted

2009-02-05T13:18:38.000-05:00

title

Security Vulnerability in the Solaris "autofs" Kernel Module may Allow a Local Unprivileged User to Execute Arbitrary Code

version

Summary

Vulnerable Configurations

Nessus

Oval

References