Vulnerabilities > CVE-2009-0480 - Numeric Errors vulnerability in SUN Opensolaris and Solaris

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
sun
CWE-189
nessus

Summary

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.

Vulnerable Configurations

Part Description Count
OS
Sun
168

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_119435.NASL
    descriptionSunOS 5.9_x86: ip patch. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id22249
    published2006-08-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22249
    titleSolaris 9 (x86) : 119435-29
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(22249);
      script_version("1.48");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      script_cve_id("CVE-2006-5073", "CVE-2007-2045", "CVE-2008-1095", "CVE-2008-1779", "CVE-2008-2121", "CVE-2009-0346", "CVE-2009-0480");
      script_bugtraq_id(29089);
      script_xref(name:"IAVT", value:"2008-T-0014");
      script_xref(name:"IAVT", value:"2008-T-0022");
    
      script_name(english:"Solaris 9 (x86) : 119435-29");
      script_summary(english:"Check for patch 119435-29");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119435-29"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9_x86: ip patch.
    Date this patch was last updated by Sun : Mar/05/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119435-29"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(16, 189, 264, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_114344.NASL
    descriptionSunOS 5.9: arp, dlcosmk, ip, and ipgpc Pat. Date this patch was last updated by Sun : Mar/05/10
    last seen2020-06-01
    modified2020-06-02
    plugin id15756
    published2004-11-18
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15756
    titleSolaris 9 (sparc) : 114344-43
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_116965.NASL
    descriptionSunOS 5.8: ip/arp/tcp/udp/tun patch. Date this patch was last updated by Sun : Jan/23/09
    last seen2020-06-01
    modified2020-06-02
    plugin id15593
    published2004-11-02
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15593
    titleSolaris 8 (sparc) : 116965-34
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_116966.NASL
    descriptionSunOS 5.8_x86: ip/arp/tcp/udp/tun patch. Date this patch was last updated by Sun : Jan/23/09
    last seen2020-06-01
    modified2020-06-02
    plugin id15595
    published2004-11-02
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15595
    titleSolaris 8 (x86) : 116966-33

Oval

accepted2009-03-23T04:00:16.596-04:00
classvulnerability
contributors
namePai Peng
organizationHewlett-Packard
definition_extensions
  • commentSolaris 8 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1539
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 8 (x86) is installed
    ovaloval:org.mitre.oval:def:2059
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionThe IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
familyunix
idoval:org.mitre.oval:def:6038
statusaccepted
submitted2009-02-10T11:19:01.000-05:00
titleSecurity Vulnerability in the Solaris IP(7p) Implementation, Related to Minor Number Allocation, may Lead to a Denial of Service (DoS) Condition
version36

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 33550 CVE ID:CVE-2009-0480 CNCVE ID:CNCVE-20090480 Sun Solaris是一款商业性质的操作系统。 Sun Solaris IP(7p)(Internet协议)相关最小号分配的实现存在安全问题,本地攻击者可以利用漏洞分配大量套接字而导致32位应用程序触发拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 10_x86 Sun Solaris 10 Sun OpenSolaris build snv_81 Sun OpenSolaris build snv_80 Sun OpenSolaris build snv_77 Sun OpenSolaris build snv_76 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Avaya Interactive Response 4.0 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 15.0 Avaya CMS Server 14.1 Avaya CMS Server 14.0 Avaya CMS Server 13.1 补丁下载: Sun Solaris 9 Sun 114344-37 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -114344-37-1 Sun Solaris 9_x86 Sun 119435-25 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -119435-25-1 Sun Solaris 10_x86 Sun 138889-01 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -138889-01-1 Sun Solaris 8_x86 Sun 116966-33 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -116966-33-1 Sun Solaris 8 Sun 116965-34 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -116965-34-1 Sun Solaris 10 Sun 138888-01 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -138888-01-1
idSSV:5076
last seen2017-11-19
modified2009-04-21
published2009-04-21
reporterRoot
titleSun Solaris ip(7P)实现拒绝服务漏洞