Vulnerabilities > CVE-2009-3183 - Unspecified vulnerability in SUN Opensolaris and Solaris
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sun
nessus
Summary
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
Vulnerable Configurations
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_142295.NASL description SunOS 5.8_x86: whodo w uptime patch. Date this patch was last updated by Sun : Oct/30/09 last seen 2016-09-26 modified 2011-10-24 plugin id 42333 published 2009-11-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=42333 title Solaris 8 (x86) : 142295-01 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(42333); script_version("1.10"); script_name(english: "Solaris 8 (x86) : 142295-01"); script_cve_id("CVE-2009-3183"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 142295-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.8_x86: whodo w uptime patch. Date this patch was last updated by Sun : Oct/30/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1020866.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2009/11/02"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_end_attributes(); script_summary(english: "Check for patch 142295-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"142295-01", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_113996.NASL description SunOS 5.9_x86: utmp_update Patch. Date this patch was last updated by Sun : Oct/30/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13585 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13585 title Solaris 9 (x86) : 113996-06 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13585); script_version("1.24"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-3183"); script_name(english:"Solaris 9 (x86) : 113996-06"); script_summary(english:"Check for patch 113996-06"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113996-06" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: utmp_update Patch. Date this patch was last updated by Sun : Oct/30/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/113996-06" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"113996-06", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_142285-01.NASL description SunOS 5.10_x86: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09 last seen 2020-06-01 modified 2020-06-02 plugin id 108033 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108033 title Solaris 10 (x86) : 142285-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108033); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2009-3183"); script_name(english:"Solaris 10 (x86) : 142285-01"); script_summary(english:"Check for patch 142285-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 142285-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1020866.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 142285-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142285"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"142285-01", obsoleted_by:"142530-01 ", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsu"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_142285.NASL description SunOS 5.10_x86: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-01 modified 2018-08-13 plugin id 40925 published 2009-09-10 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=40925 title Solaris 10 (x86) : 142285-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(40925); script_version("1.14"); script_name(english: "Solaris 10 (x86) : 142285-01"); script_cve_id("CVE-2009-3183"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 142285-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1020866.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2009/09/10"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 142285-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS9_113718.NASL description SunOS 5.9: usr/lib/utmp_update Patch. Date this patch was last updated by Sun : Oct/30/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13544 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13544 title Solaris 9 (sparc) : 113718-05 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13544); script_version("1.23"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2009-3183"); script_name(english:"Solaris 9 (sparc) : 113718-05"); script_summary(english:"Check for patch 113718-05"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113718-05" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: usr/lib/utmp_update Patch. Date this patch was last updated by Sun : Oct/30/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/113718-05" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113718-05", obsoleted_by:"", package:"SUNWcsxu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113718-05", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_142286-01.NASL description SunOS 5.10: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09 last seen 2020-06-01 modified 2020-06-02 plugin id 107534 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107534 title Solaris 10 (sparc) : 142286-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107534); script_version("1.5"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2009-3183"); script_name(english:"Solaris 10 (sparc) : 142286-01"); script_summary(english:"Check for patch 142286-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 142286-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1020866.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 142286-01"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142286"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"142286-01", obsoleted_by:"142529-01 ", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsu"); }NASL family Solaris Local Security Checks NASL id SOLARIS8_142294.NASL description SunOS 5.8: whodo w uptime patch. Date this patch was last updated by Sun : Oct/30/09 last seen 2016-09-26 modified 2011-10-24 plugin id 42332 published 2009-11-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=42332 title Solaris 8 (sparc) : 142294-01 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(42332); script_version("1.10"); script_name(english: "Solaris 8 (sparc) : 142294-01"); script_cve_id("CVE-2009-3183"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 142294-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.8: whodo w uptime patch. Date this patch was last updated by Sun : Oct/30/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1020866.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2009/11/02"); script_cvs_date("Date: 2018/08/13 14:32:38"); script_end_attributes(); script_summary(english: "Check for patch 142294-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"142294-01", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12"); e += solaris_check_patch(release:"5.8", arch:"sparc", patch:"142294-01", obsoleted_by:"", package:"SUNWcsxu", version:"11.8.0,REV=2000.01.08.18.12"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_142286.NASL description SunOS 5.10: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-02 modified 2018-08-13 plugin id 42078 published 2009-10-09 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=42078 title Solaris 10 (sparc) : 142286-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(42078); script_version("1.14"); script_name(english: "Solaris 10 (sparc) : 142286-01"); script_cve_id("CVE-2009-3183"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 142286-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: w and whodo patch. Date this patch was last updated by Sun : Sep/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1020866.1.html"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(119); script_set_attribute(attribute:"plugin_publication_date", value: "2009/10/09"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_end_attributes(); script_summary(english: "Check for patch 142286-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
References
- http://osvdb.org/58110
- http://osvdb.org/58110
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-113718-04-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-113718-04-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266348-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-266348-1
- http://unsecurityresearch.blogspot.com/2009/02/advisories-published.html
- http://unsecurityresearch.blogspot.com/2009/02/advisories-published.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53188