Vulnerabilities > CVE-2009-0480 - Numeric Errors vulnerability in SUN Opensolaris and Solaris
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_119435.NASL description SunOS 5.9_x86: ip patch. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 22249 published 2006-08-21 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22249 title Solaris 9 (x86) : 119435-29 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(22249); script_version("1.48"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2006-5073", "CVE-2007-2045", "CVE-2008-1095", "CVE-2008-1779", "CVE-2008-2121", "CVE-2009-0346", "CVE-2009-0480"); script_bugtraq_id(29089); script_xref(name:"IAVT", value:"2008-T-0014"); script_xref(name:"IAVT", value:"2008-T-0022"); script_name(english:"Solaris 9 (x86) : 119435-29"); script_summary(english:"Check for patch 119435-29"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119435-29" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: ip patch. Date this patch was last updated by Sun : Mar/05/10" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119435-29" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16, 189, 264, 310, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/21"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsr", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"119435-29", obsoleted_by:"122301-62 ", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_114344.NASL description SunOS 5.9: arp, dlcosmk, ip, and ipgpc Pat. Date this patch was last updated by Sun : Mar/05/10 last seen 2020-06-01 modified 2020-06-02 plugin id 15756 published 2004-11-18 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15756 title Solaris 9 (sparc) : 114344-43 NASL family Solaris Local Security Checks NASL id SOLARIS8_116965.NASL description SunOS 5.8: ip/arp/tcp/udp/tun patch. Date this patch was last updated by Sun : Jan/23/09 last seen 2020-06-01 modified 2020-06-02 plugin id 15593 published 2004-11-02 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15593 title Solaris 8 (sparc) : 116965-34 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_116966.NASL description SunOS 5.8_x86: ip/arp/tcp/udp/tun patch. Date this patch was last updated by Sun : Jan/23/09 last seen 2020-06-01 modified 2020-06-02 plugin id 15595 published 2004-11-02 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15595 title Solaris 8 (x86) : 116966-33
Oval
accepted | 2009-03-23T04:00:16.596-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. | ||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:6038 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2009-02-10T11:19:01.000-05:00 | ||||||||||||||||||||||||
title | Security Vulnerability in the Solaris IP(7p) Implementation, Related to Minor Number Allocation, may Lead to a Denial of Service (DoS) Condition | ||||||||||||||||||||||||
version | 36 |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 33550 CVE ID:CVE-2009-0480 CNCVE ID:CNCVE-20090480 Sun Solaris是一款商业性质的操作系统。 Sun Solaris IP(7p)(Internet协议)相关最小号分配的实现存在安全问题,本地攻击者可以利用漏洞分配大量套接字而导致32位应用程序触发拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 10_x86 Sun Solaris 10 Sun OpenSolaris build snv_81 Sun OpenSolaris build snv_80 Sun OpenSolaris build snv_77 Sun OpenSolaris build snv_76 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Avaya Interactive Response 4.0 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 15.0 Avaya CMS Server 14.1 Avaya CMS Server 14.0 Avaya CMS Server 13.1 补丁下载: Sun Solaris 9 Sun 114344-37 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -114344-37-1 Sun Solaris 9_x86 Sun 119435-25 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -119435-25-1 Sun Solaris 10_x86 Sun 138889-01 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -138889-01-1 Sun Solaris 8_x86 Sun 116966-33 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -116966-33-1 Sun Solaris 8 Sun 116965-34 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -116965-34-1 Sun Solaris 10 Sun 138888-01 <a href=http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21</a> -138888-01-1 |
id | SSV:5076 |
last seen | 2017-11-19 |
modified | 2009-04-21 |
published | 2009-04-21 |
reporter | Root |
title | Sun Solaris ip(7P)实现拒绝服务漏洞 |
References
- http://mail.opensolaris.org/pipermail/onnv-notify/2008-January/013262.html
- http://secunia.com/advisories/33751
- http://securitytracker.com/id?1021653
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm
- http://www.securityfocus.com/bid/33550
- http://www.vupen.com/english/advisories/2009/0364
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6038