Vulnerabilities > CVE-2013-1530 - Local Security vulnerability in SUN Sunos 5.10

047910
CVSS 3.8 - LOW
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
high complexity
sun
nessus

Summary

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

Vulnerable Configurations

Part Description Count
OS
Sun
1

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_150117.NASL
    descriptionSunOS 5.10: mac patch. Date this patch was last updated by Sun : Mar/22/13
    last seen2018-09-01
    modified2018-07-30
    plugin id65680
    published2013-03-26
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=65680
    titleSolaris 10 (sparc) : 150117-01
    code
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a security fix.
    #
    # Disabled on 2013/07/24.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(65680);
     script_version("1.9");
    
     script_name(english: "Solaris 10 (sparc) : 150117-01");
    script_cve_id("CVE-2013-1530");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 150117-01");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: mac patch.
    Date this patch was last updated by Sun : Mar/22/13');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/150117-01");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C");
     script_set_attribute(attribute: "patch_publication_date", value: "2013/03/22");
     script_set_attribute(attribute: "cpe", value: "cpe:/o:sun:solaris");
     script_set_attribute(attribute: "plugin_type", value: "local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/26");
      script_cvs_date("Date: 2018/07/30 13:40:14");
     script_end_attributes();
    
     script_summary(english: "Check for patch 150117-01");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "The associated patch is not currently a security fix.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_150118.NASL
    descriptionSunOS 5.10_x86: mac patch. Date this patch was last updated by Sun : Mar/22/13
    last seen2018-09-01
    modified2018-07-30
    plugin id65665
    published2013-03-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=65665
    titleSolaris 10 (x86) : 150118-01
    code
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a security fix.
    #
    # Disabled on 2013/09/23.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(65665);
     script_version("1.9");
    
     script_name(english: "Solaris 10 (x86) : 150118-01");
    script_cve_id("CVE-2013-1530");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 150118-01");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10_x86: mac patch.
    Date this patch was last updated by Sun : Mar/22/13');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/150118-01");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C");
     script_set_attribute(attribute: "patch_publication_date", value: "2013/03/22");
     script_set_attribute(attribute: "cpe", value: "cpe:/o:sun:solaris");
     script_set_attribute(attribute: "plugin_type", value: "local");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/24");
      script_cvs_date("Date: 2018/07/30 13:40:14");
     script_end_attributes();
    
     script_summary(english: "Check for patch 150118-01");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "The associated patch is not currently a security fix.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_150118-01.NASL
    descriptionVulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).
    last seen2020-06-01
    modified2020-06-02
    plugin id108184
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108184
    titleSolaris 10 (x86) : 150118-01
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(108184);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2013-1530");
    
      script_name(english:"Solaris 10 (x86) : 150118-01");
      script_summary(english:"Check for patch 150118-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 150118-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerability in the Solaris component of Oracle and Sun Systems
    Products Suite (subcomponent: Kernel). The supported version that is
    affected is 10. Very difficult to exploit vulnerability requiring
    logon to Operating System plus additional login/authentication to
    component or subcomponent. Successful attack of this vulnerability can
    escalate attacker privileges resulting in unauthorized Operating
    System hang or frequently repeatable crash (complete DOS)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/150118-01"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 150118-01 or higher");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:N/I:N/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1530");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150118");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"150118-01", obsoleted_by:"150401-02 ", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWckr");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_150117-01.NASL
    descriptionVulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS).
    last seen2020-06-01
    modified2020-06-02
    plugin id107690
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107690
    titleSolaris 10 (sparc) : 150117-01

Oval

accepted2013-12-30T04:00:22.207-05:00
classvulnerability
contributors
nameMerryl DMello
organizationHewlett-Packard
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionUnspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
familyunix
idoval:org.mitre.oval:def:19192
statusaccepted
submitted2013-11-20T11:43:28.000-05:00
titleCRITICAL PATCH UPDATE APRIL 2013
version37