Vulnerabilities > CVE-2011-3507 - Remote Oracle Communications Unified vulnerability in Oracle SUN products Suite 7.0

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

oracle

nessus

NVD

Published: 2011-10-18

Updated: 2012-11-06

Summary

Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle SUN Products Suite 7.0	1

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204.NASL
description	Messaging Server (64bit) 7.0.5.38.0: core patch. Date this patch was last updated by Sun : Dec/10/16 This plugin has been deprecated and either replaced with individual 137204 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	71652
published	2013-12-28
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=71652
title	Solaris 10 (sparc) : 137204-38 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(71652); script_version("1.14"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2011-3507"); script_name(english:"Solaris 10 (sparc) : 137204-38 (deprecated)"); script_summary(english:"Check for patch 137204-38"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Messaging Server (64bit) 7.0.5.38.0: core patch. Date this patch was last updated by Sun : Dec/10/16 This plugin has been deprecated and either replaced with individual 137204 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137204-38" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 137204 instead.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-36.NASL
description	Messaging Server (64bit) 7.0.5.36.0: core patch. Date this patch was last updated by Sun : Oct/31/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107494
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107494
title	Solaris 10 (sparc) : 137204-36
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107494); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2011-3507"); script_name(english:"Solaris 10 (sparc) : 137204-36"); script_summary(english:"Check for patch 137204-36"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 137204-36" ); script_set_attribute( attribute:"description", value: "Messaging Server (64bit) 7.0.5.36.0: core patch. Date this patch was last updated by Sun : Oct/31/15" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137204-36" ); script_set_attribute(attribute:"solution", value:"Install patch 137204-36 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3507"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137204"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2015/10/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137204-36", obsoleted_by:"", package:"SUNWmessaging-server-64", version:"7.0,REV=2008.06.20") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWmessaging-server-64"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-33.NASL
description	Messaging Server (64bit) 7.0.5.33.0: core patch. Date this patch was last updated by Sun : Sep/15/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107491
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107491
title	Solaris 10 (sparc) : 137204-33
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107491); script_version("1.3"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2011-3507"); script_name(english:"Solaris 10 (sparc) : 137204-33"); script_summary(english:"Check for patch 137204-33"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 137204-33" ); script_set_attribute( attribute:"description", value: "Messaging Server (64bit) 7.0.5.33.0: core patch. Date this patch was last updated by Sun : Sep/15/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137204-33" ); script_set_attribute(attribute:"solution", value:"Install patch 137204-33 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3507"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137204"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137204-33", obsoleted_by:"", package:"SUNWmessaging-server-64", version:"7.0,REV=2008.06.20") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWmessaging-server-64"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205.NASL
description	Messaging Server (64bit) 7.0.5.38.0_x86: core patch. Date this patch was last updated by Sun : Dec/10/16 This plugin has been deprecated and either replaced with individual 137205 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	71699
published	2013-12-28
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=71699
title	Solaris 10 (x86) : 137205-38 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(71699); script_version("1.14"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2011-3507"); script_name(english:"Solaris 10 (x86) : 137205-38 (deprecated)"); script_summary(english:"Check for patch 137205-38"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Messaging Server (64bit) 7.0.5.38.0_x86: core patch. Date this patch was last updated by Sun : Dec/10/16 This plugin has been deprecated and either replaced with individual 137205 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137205-38" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 137205 instead.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-38.NASL
description	Messaging Server (64bit) 7.0.5.38.0: core patch. Date this patch was last updated by Sun : Dec/10/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107496
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107496
title	Solaris 10 (sparc) : 137204-38
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107496); script_version("1.3"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2011-3507"); script_name(english:"Solaris 10 (sparc) : 137204-38"); script_summary(english:"Check for patch 137204-38"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 137204-38" ); script_set_attribute( attribute:"description", value: "Messaging Server (64bit) 7.0.5.38.0: core patch. Date this patch was last updated by Sun : Dec/10/16" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/137204-38" ); script_set_attribute(attribute:"solution", value:"Install patch 137204-38 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3507"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137204"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/18"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"137204-38", obsoleted_by:"", package:"SUNWmessaging-server-64", version:"7.0,REV=2008.06.20") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWmessaging-server-64"); }

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-38.NASL
description	Messaging Server (64bit) 7.0.5.38.0_x86: core patch. Date this patch was last updated by Sun : Dec/10/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107994
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107994
title	Solaris 10 (x86) : 137205-38

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-35.NASL
description	Messaging Server (64bit) 7.0.5.35.0: core patch. Date this patch was last updated by Sun : May/30/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107493
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107493
title	Solaris 10 (sparc) : 137204-35

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-31.NASL
description	Messaging Server (64bit) 7.0.5.31.0_x86: core patch. Date this patch was last updated by Sun : Jun/03/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107988
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107988
title	Solaris 10 (x86) : 137205-31

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-34.NASL
description	Messaging Server (64bit) 7.0.5.34.0: core patch. Date this patch was last updated by Sun : Oct/20/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107492
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107492
title	Solaris 10 (sparc) : 137204-34

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-31.NASL
description	Messaging Server (64bit) 7.0.5.31.0: core patch. Date this patch was last updated by Sun : Jun/02/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107490
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107490
title	Solaris 10 (sparc) : 137204-31

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-36.NASL
description	Messaging Server (64bit) 7.0.5.36.0_x86: core patch. Date this patch was last updated by Sun : Oct/31/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107992
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107992
title	Solaris 10 (x86) : 137205-36

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_137204-37.NASL
description	Messaging Server (64bit) 7.0.5.37.0: core patch. Date this patch was last updated by Sun : Feb/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107495
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107495
title	Solaris 10 (sparc) : 137204-37

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-35.NASL
description	Messaging Server (64bit) 7.0.5.35.0_x86: core patch. Date this patch was last updated by Sun : May/30/15
last seen	2020-06-01
modified	2020-06-02
plugin id	107991
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107991
title	Solaris 10 (x86) : 137205-35

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-37.NASL
description	Messaging Server (64bit) 7.0.5.37.0_x86: core patch. Date this patch was last updated by Sun : Feb/15/16
last seen	2020-06-01
modified	2020-06-02
plugin id	107993
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107993
title	Solaris 10 (x86) : 137205-37

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-34.NASL
description	Messaging Server (64bit) 7.0.5.34.0_x86: core patch. Date this patch was last updated by Sun : Oct/20/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107990
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107990
title	Solaris 10 (x86) : 137205-34

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_137205-33.NASL
description	Messaging Server (64bit) 7.0.5.33.0_x86: core patch. Date this patch was last updated by Sun : Sep/15/14
last seen	2020-06-01
modified	2020-06-02
plugin id	107989
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107989
title	Solaris 10 (x86) : 137205-33

Summary

Vulnerable Configurations

Nessus

References