Vulnerabilities > CVE-2012-3121 - Unspecified vulnerability in SUN Sunos 5.10/5.9
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sun
nessus
Summary
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer.
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_148625.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148625 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 58559 published 2012-04-02 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=58559 title Solaris 10 (sparc) : 148625-01 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(58559); script_version("1.5"); script_cvs_date("Date: 2018/07/30 13:40:14"); script_cve_id("CVE-2012-3121"); script_name(english:"Solaris 10 (sparc) : 148625-01 (deprecated)"); script_summary(english:"Check for patch 148625-01"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148625 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/148625-01" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 148625 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_148625-01.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. last seen 2020-06-01 modified 2020-06-02 plugin id 107662 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107662 title Solaris 10 (sparc) : 148625-01 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107662); script_version("1.3"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-3121"); script_name(english:"Solaris 10 (sparc) : 148625-01"); script_summary(english:"Check for patch 148625-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 148625-01" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/148625-01" ); script_set_attribute(attribute:"solution", value:"Install patch 148625-01 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3121"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148625"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"148625-01", obsoleted_by:"", package:"SUNWtnamd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWtnamd"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148626.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148626 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 58587 published 2012-04-04 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=58587 title Solaris 10 (x86) : 148626-01 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(58587); script_version("1.5"); script_cvs_date("Date: 2018/07/30 13:40:14"); script_cve_id("CVE-2012-3121"); script_name(english:"Solaris 10 (x86) : 148626-01 (deprecated)"); script_summary(english:"Check for patch 148626-01"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 148626 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/148626-01" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 148626 instead.");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148626-01.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. last seen 2020-06-01 modified 2020-06-02 plugin id 108155 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108155 title Solaris 10 (x86) : 148626-01 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108155); script_version("1.3"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2012-3121"); script_name(english:"Solaris 10 (x86) : 148626-01"); script_summary(english:"Check for patch 148626-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 148626-01" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: in.tnamed(1M)). Supported versions that are affected are 9 and 10. Easily exploitable vulnerability allows successful unauthenticated network attacks via NameServer. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/148626-01" ); script_set_attribute(attribute:"solution", value:"Install patch 148626-01 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3121"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148626"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148626-01", obsoleted_by:"", package:"SUNWtnamd", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWtnamd"); }
References
- http://osvdb.org/83935
- http://osvdb.org/83935
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
- http://www.securityfocus.com/bid/54553
- http://www.securityfocus.com/bid/54553
- http://www.securitytracker.com/id?1027274
- http://www.securitytracker.com/id?1027274
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77047