CVE-2009-2487 - Resource Management Errors vulnerability in SUN Opensolaris and Solaris
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Summary
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_141021.NASL
- description: SunOS 5.10_x86: ipf ipftest patch. Date this patch was last updated by Sun : Aug/21/09
- last seen: 2018-09-01
- modified: 2018-08-13
- plugin id: 39575
- published: 2009-06-30
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=39575
- title: Solaris 10 (x86) : 141021-03
- code:

```
#%NASL_MIN_LEVEL 80502
# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/09/17.
#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
 script_id(39575);
 script_version("1.14");

 script_name(english: "Solaris 10 (x86) : 141021-03");
 script_cve_id("CVE-2009-2487");
 script_set_attribute(attribute: "synopsis", value:
"The remote host is missing Sun Security Patch number 141021-03");
 script_set_attribute(attribute: "description", value:
'SunOS 5.10_x86: ipf ipftest patch.
Date this patch was last updated by Sun : Aug/21/09');
 script_set_attribute(attribute: "solution", value:
"You should install this patch for your system to be up-to-date.");
 script_set_attribute(attribute: "see_also", value:
"https://getupdates.oracle.com/readme/141021-03");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_cwe_id(399);
 script_set_attribute(attribute:"plugin_publication_date", value: "2009/06/30");
 script_cvs_date("Date: 2019/10/25 13:36:25");
 script_end_attributes();

 script_summary(english: "Check for patch 141021-03");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
 family["english"] = "Solaris Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/Solaris/showrev");
 exit(0);
}

# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_141020.NASL
- description: SunOS 5.10: ipf ipftest patch. Date this patch was last updated by Sun : Aug/21/09
- last seen: 2018-09-01
- modified: 2018-08-13
- plugin id: 39574
- published: 2009-06-30
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=39574
- title: Solaris 10 (sparc) : 141020-03
- code:

```
#%NASL_MIN_LEVEL 80502
# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/09/17.
#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
 script_id(39574);
 script_version("1.15");

 script_name(english: "Solaris 10 (sparc) : 141020-03");
 script_cve_id("CVE-2009-2487");
 script_set_attribute(attribute: "synopsis", value:
"The remote host is missing Sun Security Patch number 141020-03");
 script_set_attribute(attribute: "description", value:
'SunOS 5.10: ipf ipftest patch.
Date this patch was last updated by Sun : Aug/21/09');
 script_set_attribute(attribute: "solution", value:
"You should install this patch for your system to be up-to-date.");
 script_set_attribute(attribute: "see_also", value:
"https://getupdates.oracle.com/readme/141020-03");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 script_cwe_id(399);
 script_set_attribute(attribute:"plugin_publication_date", value: "2009/06/30");
 script_cvs_date("Date: 2019/10/25 13:36:25");
 script_end_attributes();

 script_summary(english: "Check for patch 141020-03");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
 family["english"] = "Solaris Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/Solaris/showrev");
 exit(0);
}

# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");
```
Oval
accepted | 2009-09-21T04:00:07.905-04:00
class | vulnerability
contributors |
definition_extensions |
description | Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.
family | unix
id | oval:org.mitre.oval:def:6361
status | accepted
submitted | 2009-08-12T12:29:13.000-04:00
title | A Security Vulnerability in the Solaris IP Filter (ipf(5)) May Lead to a Denial of Service (DoS) Condition
version | 35
References
- http://osvdb.org/55874
- http://secunia.com/advisories/35881
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-141020-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-260951-1
- http://www.vupen.com/english/advisories/2009/1923
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51739
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6361