Vulnerabilities > CVE-2009-0874 - Resource Management Errors vulnerability in SUN Opensolaris and Solaris

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

low complexity

sun

CWE-399

nessus

NVD

Published: 2009-03-12

Updated: 2009-04-02

Summary

Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Opensolaris Snv_01 SUN Opensolaris Snv_02 SUN Opensolaris Snv_03 SUN Opensolaris Snv_04 SUN Opensolaris Snv_05 SUN Opensolaris Snv_06 SUN Opensolaris Snv_07 SUN Opensolaris Snv_08 SUN Opensolaris Snv_09 SUN Opensolaris Snv_10 SUN Opensolaris Snv_11 SUN Opensolaris Snv_12 SUN Opensolaris Snv_13 SUN Opensolaris Snv_14 SUN Opensolaris Snv_15 SUN Opensolaris Snv_16 SUN Opensolaris Snv_17 SUN Opensolaris Snv_18 SUN Opensolaris Snv_19 SUN Opensolaris Snv_20 SUN Opensolaris Snv_21 SUN Opensolaris Snv_22 SUN Opensolaris Snv_23 SUN Opensolaris Snv_24 SUN Opensolaris Snv_25 SUN Opensolaris Snv_26 SUN Opensolaris Snv_27 SUN Opensolaris Snv_28 SUN Opensolaris Snv_29 SUN Opensolaris Snv_30 SUN Opensolaris Snv_31 SUN Opensolaris Snv_32 SUN Opensolaris Snv_33 SUN Opensolaris Snv_34 SUN Opensolaris Snv_35 SUN Opensolaris Snv_36 SUN Opensolaris Snv_37 SUN Opensolaris Snv_38 SUN Opensolaris Snv_39 SUN Opensolaris Snv_40 SUN Opensolaris Snv_41 SUN Opensolaris Snv_42 SUN Opensolaris Snv_43 SUN Opensolaris Snv_44 SUN Opensolaris Snv_45 SUN Opensolaris Snv_46 SUN Opensolaris Snv_47 SUN Opensolaris Snv_48 SUN Opensolaris Snv_49 SUN Opensolaris Snv_50 SUN Opensolaris Snv_51 SUN Opensolaris Snv_52 SUN Opensolaris Snv_53 SUN Opensolaris Snv_54 SUN Opensolaris Snv_55 SUN Opensolaris Snv_56 SUN Opensolaris Snv_57 SUN Opensolaris Snv_58 SUN Opensolaris Snv_59 SUN Opensolaris Snv_60 SUN Opensolaris Snv_61 SUN Opensolaris Snv_62 SUN Opensolaris Snv_63 SUN Opensolaris Snv_64 SUN Opensolaris Snv_65 SUN Opensolaris Snv_66 SUN Opensolaris Snv_67 SUN Opensolaris Snv_68 SUN Opensolaris Snv_69 SUN Opensolaris Snv_70 SUN Opensolaris Snv_71 SUN Opensolaris Snv_72 SUN Opensolaris Snv_73 SUN Opensolaris Snv_74 SUN Opensolaris Snv_75 SUN Opensolaris Snv_76 SUN Opensolaris Snv_77 SUN Opensolaris Snv_78 SUN Opensolaris Snv_79 SUN Opensolaris Snv_80 SUN Opensolaris Snv_81 SUN Opensolaris Snv_82 SUN Opensolaris Snv_83 SUN Opensolaris Snv_84 SUN Opensolaris Snv_85 SUN Opensolaris Snv_86 SUN Opensolaris Snv_87 SUN Opensolaris Snv_88 SUN Opensolaris Snv_89 SUN Opensolaris Snv_90 SUN Opensolaris Snv_91 SUN Opensolaris Snv_92 SUN Opensolaris * SUN Solaris 8 SUN Solaris 9 SUN Solaris 10	192

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS8_117350.NASL
description	SunOS 5.8: kernel patch. Date this patch was last updated by Sun : Apr/21/09
last seen	2020-06-01
modified	2020-06-02
plugin id	20945
published	2006-02-19
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20945
title	Solaris 8 (sparc) : 117350-62
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(20945); script_version("1.60"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2006-5012", "CVE-2007-5632", "CVE-2008-1115", "CVE-2008-3875", "CVE-2008-4160", "CVE-2009-0132", "CVE-2009-0874", "CVE-2009-0875"); script_name(english:"Solaris 8 (sparc) : 117350-62"); script_summary(english:"Check for patch 117350-62"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 117350-62" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: kernel patch. Date this patch was last updated by Sun : Apr/21/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/117350-62" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(78, 189, 264, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcar", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcarx", version:"11.8.0,REV=2000.01.13.13.40") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"FJSVhea", version:"1.0,REV=1999.12.23.19.10") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWmdbx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWpmux", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcsxu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWpmu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcprx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWmdb", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"117350-62", obsoleted_by:"", package:"SUNWcpr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References