Vulnerabilities > CVE-2012-1750 - Local Solaris vulnerability in Oracle Sun Products Suite
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148871-01.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. last seen 2020-06-01 modified 2020-06-02 plugin id 108161 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108161 title Solaris 10 (x86) : 148871-01 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108161); script_version("1.4"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-1750"); script_name(english:"Solaris 10 (x86) : 148871-01"); script_summary(english:"Check for patch 148871-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 148871-01" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/148871-01" ); script_set_attribute(attribute:"solution", value:"Install patch 148871-01 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1750"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148871"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148871-01", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148871-01", obsoleted_by:"", package:"SUNWscpr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsr / SUNWscpr"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_148870.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148870 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 59963 published 2012-07-13 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=59963 title Solaris 10 (sparc) : 148870-01 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS_JUL2012_SRU7_5.NASL description This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2012-1750) - Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: pkg.depotd(1M)). The supported version that is affected is 11. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data. (CVE-2012-3130) last seen 2020-06-01 modified 2020-06-02 plugin id 76816 published 2014-07-26 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76816 title Oracle Solaris Critical Patch Update : jul2012_SRU7_5 NASL family Solaris Local Security Checks NASL id SOLARIS10_148870-01.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. last seen 2020-06-01 modified 2020-06-02 plugin id 107668 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107668 title Solaris 10 (sparc) : 148870-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148871.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: mailx(1)). Supported versions that are affected are 8, 9, 10 and 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148871 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 59953 published 2012-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=59953 title Solaris 10 (x86) : 148871-01 (deprecated)