Vulnerabilities > CVE-2009-0838 - Resource Management Errors vulnerability in SUN Opensolaris and Sunos
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_139498.NASL description SunOS 5.10: libpkcs11.so patch. Date this patch was last updated by Sun : Feb/26/09 last seen 2018-09-01 modified 2018-08-13 plugin id 36600 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=36600 title Solaris 10 (sparc) : 139498-04 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(36600); script_version("1.12"); script_name(english: "Solaris 10 (sparc) : 139498-04"); script_cve_id("CVE-2009-0838"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 139498-04"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: libpkcs11.so patch. Date this patch was last updated by Sun : Feb/26/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/139498-04"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2009/04/23"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 139498-04"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_139499.NASL description SunOS 5.10_x86: libpkcs11.so patch. Date this patch was last updated by Sun : Feb/26/09 last seen 2018-09-01 modified 2018-08-13 plugin id 36512 published 2009-04-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=36512 title Solaris 10 (x86) : 139499-04 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(36512); script_version("1.11"); script_name(english: "Solaris 10 (x86) : 139499-04"); script_cve_id("CVE-2009-0838"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 139499-04"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: libpkcs11.so patch. Date this patch was last updated by Sun : Feb/26/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/139499-04"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2009/04/23"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 139499-04"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
Oval
| accepted | 2009-04-20T04:00:16.154-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:5641 | ||||||||
| status | accepted | ||||||||
| submitted | 2009-03-10T13:09:16.000-04:00 | ||||||||
| title | A Security Vulnerability With the Solaris Crypto Driver May Cause a System Panic | ||||||||
| version | 35 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34000 CVE(CAN) ID: CVE-2009-0838 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris的加密伪设备驱动没有正确地释放内存,本地攻击者可以通过vmem_hash_delete函数导致系统忙碌。如果出现上述漏洞,系统可能出现类似于以下栈追踪的忙碌: vmem_hash_delete(): bad free vmem_hash_delete() vmem_xfree() object_get_attribute_value() fop_ioctl() ioctl() Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun OpenSolaris snv_88 - snv_102 厂商补丁: Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-254088)以及相应补丁: Sun-Alert-254088:A Security Vulnerability With the Solaris Crypto Driver May Cause a System Panic 链接:<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-254088-1 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-254088-1</a> |
| id | SSV:4882 |
| last seen | 2017-11-19 |
| modified | 2009-03-11 |
| published | 2009-03-11 |
| reporter | Root |
| title | Sun Solaris加密驱动本地拒绝服务漏洞 |
References
- http://secunia.com/advisories/34149
- http://secunia.com/advisories/34455
- http://securitytracker.com/id?1021810
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-139498-04-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254088-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-097.htm
- http://www.securityfocus.com/bid/34000
- http://www.vupen.com/english/advisories/2009/0606
- http://www.vupen.com/english/advisories/2009/0815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49105
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5641