Vulnerabilities > CVE-2009-3839 - Remote Privilege Escalation vulnerability in SUN Opensolaris and Solaris

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sun
nessus
NVD
Published: 2009-11-02
Updated: 2017-09-19

Summary

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

Vulnerable Configurations

Part Description Count
OS
Sun
181

Nessus

NASL familySolaris Local Security Checks
NASL idSOLARIS10_126363.NASL
descriptionSunOS 5.10: X Window System changes - Solaris Trusted Extensions. Date this patch was last updated by Sun : Jun/14/14 This plugin has been deprecated and either replaced with individual 126363 patch-revision plugins, or deemed non-security related.
last seen2019-02-21
modified2018-07-30
plugin id42171
published2009-10-19
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=42171
titleSolaris 10 (sparc) : 126363-10 (deprecated)
code

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2018/03/12. Deprecated and either replaced by
# individual patch-revision plugins, or has been deemed a
# non-security advisory.
#
include("compat.inc");

if (description)
{
  script_id(42171);
  script_version("1.22");
  script_cvs_date("Date: 2019/09/24 15:02:54");

  script_cve_id("CVE-2009-3839", "CVE-2014-0397");
  script_bugtraq_id(36840, 65819);

  script_name(english:"Solaris 10 (sparc) : 126363-10 (deprecated)");
  script_summary(english:"Check for patch 126363-10");

  script_set_attribute(
    attribute:"synopsis", 
    value:"This plugin has been deprecated."
  );
  script_set_attribute(
    attribute:"description",
    value:
"SunOS 5.10: X Window System changes - Solaris Trusted Extensions.
Date this patch was last updated by Sun : Jun/14/14

This plugin has been deprecated and either replaced with individual
126363 patch-revision plugins, or deemed non-security related."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/126363-10"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"n/a"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 126363 instead.");

Oval

accepted2010-01-25T04:00:19.287-05:00
classvulnerability
contributors
namePai Peng
organizationHewlett-Packard
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionUnspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.
familyunix
idoval:org.mitre.oval:def:6480
statusaccepted
submitted2009-12-17T14:02:00.000-05:00
titleA Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
version35

References