Vulnerabilities > CVE-2013-3837

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
oracle
sun
nessus

Summary

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.

Vulnerable Configurations

Part Description Count
OS
Oracle
1
OS
Sun
1

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS_OCT2013_SRU11_1_12_5_0.NASL
    descriptionThis Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Cacao). Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2013-3837) - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel/KSSL). The supported version that is affected is 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SSL. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. (CVE-2013-5861) - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.1. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS) as well as update, insert or delete access to some Solaris accessible data and read access to a subset of Solaris accessible data. (CVE-2013-5866)
    last seen2020-06-01
    modified2020-06-02
    plugin id76835
    published2014-07-26
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76835
    titleOracle Solaris Critical Patch Update : oct2013_SRU11_1_12_5_0
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle CPU for oct2013.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(76835);
      script_version("1.6");
      script_cvs_date("Date: 2018/11/14 14:36:23");
    
      script_cve_id("CVE-2013-3837", "CVE-2013-5861", "CVE-2013-5866");
      script_bugtraq_id(63070, 63080, 63085);
    
      script_name(english:"Oracle Solaris Critical Patch Update : oct2013_SRU11_1_12_5_0");
      script_summary(english:"Check for the oct2013 CPU");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch from CPU
    oct2013."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This Solaris system is missing necessary patches to address critical
    security updates :
    
      - Vulnerability in the Solaris component of Oracle and Sun
        Systems Products Suite (subcomponent: Cacao). Supported
        versions that are affected are 10 and 11.1. Difficult to
        exploit vulnerability allows successful unauthenticated
        network attacks via SNMP. Successful attack of this
        vulnerability can result in unauthorized ability to
        cause a partial denial of service (partial DOS) of
        Solaris. (CVE-2013-3837)
    
      - Vulnerability in the Solaris component of Oracle and Sun
        Systems Products Suite (subcomponent: Kernel/KSSL). The
        supported version that is affected is 11.1. Difficult to
        exploit vulnerability allows successful unauthenticated
        network attacks via SSL. Successful attack of this
        vulnerability can result in unauthorized ability to
        cause a partial denial of service (partial DOS) of
        Solaris. (CVE-2013-5861)
    
      - Vulnerability in the Solaris component of Oracle and Sun
        Systems Products Suite (subcomponent: Kernel). The
        supported version that is affected is 11.1. Very
        difficult to exploit vulnerability requiring logon to
        Operating System. Successful attack of this
        vulnerability can result in unauthorized Operating
        System hang or frequently repeatable crash (complete
        DOS) as well as update, insert or delete access to some
        Solaris accessible data and read access to a subset of
        Solaris accessible data. (CVE-2013-5866)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586053.1"
      );
      # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1865183.xml
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b97601f8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the oct2013 CPU from the Oracle support website."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    
    
    fix_release = "0.5.11-0.175.1.12.0.5.0";
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.1.12.0.5.0", sru:"11.1.12.5.0") > 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());
      else security_warning(0);
      exit(0);
    }
    audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_124939.NASL
    descriptionVulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Cacao). Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Cacao). Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 124939 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id24846
    published2007-03-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24846
    titleSolaris 10 (sparc) : 124939-05 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(24846);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/30 15:31:32");
    
      script_cve_id("CVE-2007-1419", "CVE-2013-3837");
      script_bugtraq_id(63080);
    
      script_name(english:"Solaris 10 (sparc) : 124939-05 (deprecated)");
      script_summary(english:"Check for patch 124939-05");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the Solaris component of Oracle and Sun Systems
    Products Suite (subcomponent: Cacao). Supported versions that are
    affected are 10 and 11.1. Difficult to exploit vulnerability allows
    successful unauthenticated network attacks via SNMP. Successful attack
    of this vulnerability can result in unauthorized ability to cause a
    partial denial of service (partial DOS) of Solaris.
    
    Vulnerability in the Solaris component of Oracle and Sun Systems
    Products Suite (subcomponent: Cacao). Supported versions that are
    affected are 10 and 11.1. Difficult to exploit vulnerability allows
    successful unauthenticated network attacks via SNMP. Successful attack
    of this vulnerability can result in unauthorized ability to cause a
    partial denial of service (partial DOS) of Solaris.
    
    This plugin has been deprecated and either replaced with individual
    124939 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124939-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124939 instead.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_124939.NASL
    descriptionVulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Cacao). Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Cacao). Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. This plugin has been deprecated and either replaced with individual 124939 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id24850
    published2007-03-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24850
    titleSolaris 10 (x86) : 124939-05 (deprecated)
    code
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(24850);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/30 15:31:32");
    
      script_cve_id("CVE-2007-1419", "CVE-2013-3837");
      script_bugtraq_id(63080);
    
      script_name(english:"Solaris 10 (x86) : 124939-05 (deprecated)");
      script_summary(english:"Check for patch 124939-05");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the Solaris component of Oracle and Sun Systems
    Products Suite (subcomponent: Cacao). Supported versions that are
    affected are 10 and 11.1. Difficult to exploit vulnerability allows
    successful unauthenticated network attacks via SNMP. Successful attack
    of this vulnerability can result in unauthorized ability to cause a
    partial denial of service (partial DOS) of Solaris.
    
    Vulnerability in the Solaris component of Oracle and Sun Systems
    Products Suite (subcomponent: Cacao). Supported versions that are
    affected are 10 and 11.1. Difficult to exploit vulnerability allows
    successful unauthenticated network attacks via SNMP. Successful attack
    of this vulnerability can result in unauthorized ability to cause a
    partial denial of service (partial DOS) of Solaris.
    
    This plugin has been deprecated and either replaced with individual
    124939 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124939-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124939 instead.");
    

Oval

accepted2013-12-30T04:00:27.962-05:00
classvulnerability
contributors
nameMerryl DMello
organizationHewlett-Packard
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptionUnspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.
familyunix
idoval:org.mitre.oval:def:19496
statusaccepted
submitted2013-11-20T11:43:28.000-05:00
titleCRITICAL PATCH UPDATE OCTOBER 2013
version38