Vulnerabilities > CVE-2014-0421 - Local Security vulnerability in SUN Sunos 5.10

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

sun

nessus

NVD

Published: 2014-04-16

Updated: 2014-04-16

Summary

Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Sunos 5.10	1

Nessus

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_151145.NASL
description	SunOS 5.10: vntsd vcc patch. Date this patch was last updated by Sun : Jun/14/14 This plugin has been deprecated and either replaced with individual 151145 patch-revision plugins, or deemed non-security related.
last seen	2019-02-21
modified	2018-07-30
plugin id	73055
published	2014-03-17
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=73055
title	Solaris 10 (sparc) : 151145-02 (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(73055); script_version("1.12"); script_cvs_date("Date: 2018/07/30 15:31:32"); script_cve_id("CVE-2014-0421"); script_bugtraq_id(66833); script_name(english:"Solaris 10 (sparc) : 151145-02 (deprecated)"); script_summary(english:"Check for patch 151145-02"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "SunOS 5.10: vntsd vcc patch. Date this patch was last updated by Sun : Jun/14/14 This plugin has been deprecated and either replaced with individual 151145 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/151145-02" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 151145 instead.");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_151145-01.NASL
description	Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: SPARC64-X Platform). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Applies only when Solaris is running on SPARC64-X platform.
last seen	2020-06-01
modified	2020-06-02
plugin id	107738
published	2018-03-12
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107738
title	Solaris 10 (sparc) : 151145-01
code	# # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107738); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2014-0421"); script_name(english:"Solaris 10 (sparc) : 151145-01"); script_summary(english:"Check for patch 151145-01"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 151145-01" ); script_set_attribute( attribute:"description", value: "Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: SPARC64-X Platform). The supported version that is affected is 10. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. Note: Applies only when Solaris is running on SPARC64-X platform." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/151145-01" ); script_set_attribute(attribute:"solution", value:"Install patch 151145-01 or higher"); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0421"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151145"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"151145-01", obsoleted_by:"150400-20 ", package:"SUNWldomr", version:"11.10.0,REV=2006.10.04.00.26") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"151145-01", obsoleted_by:"150400-20 ", package:"SUNWldomu", version:"11.10.0,REV=2006.08.08.12.13") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWldomr / SUNWldomu"); }

References

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html