Vulnerabilities > CVE-2013-0405 - Remote Security vulnerability in Oracle Sun Products Suite
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_123397.NASL description SunOS 5.9_x86: librpcsvc patch. Date this patch was last updated by Sun : Oct/10/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27098 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27098 title Solaris 9 (x86) : 123397-01 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(27098); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id("CVE-2007-5462", "CVE-2013-0405"); script_name(english:"Solaris 9 (x86) : 123397-01"); script_summary(english:"Check for patch 123397-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 123397-01" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: librpcsvc patch. Date this patch was last updated by Sun : Oct/10/07" ); script_set_attribute( attribute:"see_also", value:"http://download.oracle.com/sunalerts/1000452.1.html" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"123397-01", obsoleted_by:"", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"123397-01", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"123397-01", obsoleted_by:"", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_148383-01.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. last seen 2020-06-01 modified 2020-06-02 plugin id 107653 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107653 title Solaris 10 (sparc) : 148383-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_148383.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. This plugin has been deprecated and either replaced with individual 148383 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 64606 published 2013-02-13 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64606 title Solaris 10 (sparc) : 148383-01 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS9_123396.NASL description SunOS 5.9: librpcsvc patch. Date this patch was last updated by Sun : Oct/10/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27091 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27091 title Solaris 9 (sparc) : 123396-01 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148384.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. This plugin has been deprecated and either replaced with individual 148384 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 64524 published 2013-02-10 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64524 title Solaris 10 (x86) : 148384-01 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS8_127548.NASL description SunOS 5.8: librpcsvc patch. Date this patch was last updated by Sun : Oct/10/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27087 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27087 title Solaris 8 (sparc) : 127548-01 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_127549.NASL description SunOS 5.8_x86: librpcsvc patch. Date this patch was last updated by Sun : Oct/10/07 last seen 2020-06-01 modified 2020-06-02 plugin id 27089 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27089 title Solaris 8 (x86) : 127549-01 NASL family Solaris Local Security Checks NASL id SOLARIS_APR2013_SRU3.NASL description This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. (CVE-2013-0405) last seen 2020-06-01 modified 2020-06-02 plugin id 76803 published 2014-07-26 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76803 title Oracle Solaris Critical Patch Update : apr2013_SRU3 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_148384-01.NASL description Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Filesystem/NFS). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability allows successful unauthenticated network attacks via IPv6. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. Note: CVE-2013-0405 occurs only when the Solaris NFS client mounts the NFS server over IPv6. last seen 2020-06-01 modified 2020-06-02 plugin id 108146 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108146 title Solaris 10 (x86) : 148384-01
Oval
| accepted | 2013-12-30T04:00:26.103-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:19352 | ||||||||
| status | accepted | ||||||||
| submitted | 2013-11-20T11:43:28.000-05:00 | ||||||||
| title | CRITICAL PATCH UPDATE APRIL 2013 | ||||||||
| version | 37 |