Vulnerabilities > CVE-2017-3632 - Unspecified vulnerability in Oracle Solaris 10/11

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network
low complexity
oracle
critical
nessus

Summary

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the "EASYSTREET" vulnerability. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Configurations

Part | Description | Count
OS | Oracle | 2

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_124393-13.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132890
    published: 2020-01-15
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132890
    title: Solaris 10 (sparc) : 124393-13
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Metadata registration pass for plugin 132890. When the scanner loads the
    # plugin with `description` set, only this block runs: it registers the
    # identifiers, text and scheduling requirements, then exits before any check.
    if (description)
    {
      script_id(132890);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/17");
    
      # The single CVE this patch-level finding is reported against.
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Solaris 10 (sparc) : 124393-13");
      script_summary(english:"Check for patch 124393-13");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124393-13"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: CDE Calendar). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via TCP to compromise
    Solaris. Successful attacks of this vulnerability can result in
    takeover of Solaris. Note: CVE-2017-3632 is assigned to the
    'EASYSTREET' vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124393-13"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 124393-13 or higher");
      # Base vectors describe an unauthenticated network attack with full C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3632");
      # NOTE(review): the temporal vectors (E:U) and this string are generated
      # metadata asserting no known exploit, while the description ties the CVE to
      # a named issue ('EASYSTREET'). Confirm exploit maturity independently before
      # using the temporal score to lower remediation priority.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin type: the finding is derived from data collected on the host,
      # not from probing the service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124393");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category: the plugin is scheduled as a passive check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl must run first, and both
      # knowledge-base keys must exist. A scan without working credentials therefore
      # never launches this plugin, and its silence is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
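    # Local check: is Sun patch 124393-13 (or a later revision) applied to the CDE
    # packages on this Solaris 10 sparc host? Everything below reads the scanner
    # knowledge base; this block sends nothing to the target. It is a package and
    # patch-level test only and does not establish whether the CDE Calendar service
    # is running or reachable.
    
    # Test the local-checks gate first, so a scan without usable credentials is
    # audited as such instead of as "not Solaris". audit() is relied on to stop the
    # script at each of the guards below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # Group 1 is the full release string, group 2 the part after the dot. The dot
    # is escaped so that it matches only a literal '.', not any character.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    
    # Number of packages found below the required patch level. Initialised
    # explicitly rather than incrementing a variable that was never set.
    flag = 0;
    
    # Seven packages share one base version; the list keeps the original order so
    # the generated report is assembled in the same sequence. A negative return
    # from solaris_check_patch() is treated as "patch missing for this package".
    foreach cde_pkg (make_list("SUNWdtbas", "SUNWdtdmn", "SUNWdtdmr", "SUNWdtdst", "SUNWdtdte", "SUNWdtlog", "SUNWdtma"))
    {
      if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124393-13", obsoleted_by:"", package:cde_pkg, version:"1.6,REV=10.2004.12.17") < 0) flag++;
    }
    # SUNWtltkm carries a different base version, so it is checked on its own.
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124393-13", obsoleted_by:"", package:"SUNWtltkm", version:"3.7.2,REV=10.2004.12.17") < 0) flag++;
    
    if (flag) {
      # At least one package is unpatched: report on port 0 (host-level finding).
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged. Record why, most specific reason first: patch installed,
      # packages present but not affected, or packages not installed at all.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWdtbas / SUNWdtdmn / SUNWdtdmr / SUNWdtdst / SUNWdtdte / etc");
    }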
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS_JUL2017_SRU11_3_22_3_0.NASL
    description: This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability. (CVE-2017-3632)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101804
    published: 2017-07-19
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101804
    title: Oracle Solaris Critical Patch Update : jul2017_SRU11_3_22_3_0
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle CPU for jul2017.
    #
    include("compat.inc");
    
    # Metadata registration pass for plugin 101804 (Solaris 11.3 SRU check for the
    # jul2017 CPU). Only this block runs when the scanner loads the plugin with
    # `description` set; it exits before any check is performed.
    if (description)
    {
      script_id(101804);
      script_version("3.9");
      script_cvs_date("Date: 2020/01/16");
    
      # The single CVE this release-level finding is reported against.
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Oracle Solaris Critical Patch Update : jul2017_SRU11_3_22_3_0");
      script_summary(english:"Check for the jul2017 CPU");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch from CPU
    jul2017."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This Solaris system is missing necessary patches to address a critical
    security update :
    
      - Vulnerability in the Solaris component of Oracle Sun
        Systems Products Suite (subcomponent: CDE Calendar).
        Supported versions that are affected are 10 and 11.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via TCP to compromise
        Solaris. Successful attacks of this vulnerability can
        result in takeover of Solaris. Note: CVE-2017-3632 is
        assigned to the 'EASYSTREET' vulnerability.
        (CVE-2017-3632)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2280322.1"
      );
      # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml
      # (presumably the target of the shortened link registered just below)
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?322067e2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.oracle.com/security-alerts/cpujul2017.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the jul2017 CPU from the Oracle support website."
      );
      # Base vectors only: unauthenticated network attack with full C/I/A impact.
      # No temporal vector is registered in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      # "local" plugin type: the finding is derived from data collected on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.3");
    
      # NOTE(review): vuln_publication_date is later than patch_publication_date
      # here; both values are kept exactly as generated.
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl must run first and both keys must
      # exist, so the plugin does not launch at all on an uncredentialed scan.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    # Release-level check for Solaris 11.3: compare the installed release recorded
    # in the knowledge base against the SRU that carries the jul2017 CPU fix.
    # Nothing is sent to the target; the result depends entirely on data collected
    # during the authenticated part of the scan.
    
    # Guard clauses; audit() is relied on to stop the script when one fires.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    
    # Fixed release, named once and reused for both the comparison and the audit.
    fix_release = "0.5.11-0.175.3.22.0.3.0";
    flag = 0;
    
    # A positive return is treated as "installed release is older than the fix".
    # Note the sign: the patch-based Solaris 10 plugins flag on a negative return
    # from solaris_check_patch() instead.
    if (solaris_check_release(release:fix_release, sru:"11.3.22.3.0") > 0) flag++;
    
    # Not flagged: record the installed and fixed releases in the audit trail.
    if (!flag) audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);
    
    # Flagged: host-level finding on port 0, with detail only at verbosity > 0.
    if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());
    else security_hole(0);
    exit(0);
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_124393-12.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107402
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107402
    title: Solaris 10 (sparc) : 124393-12
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Metadata registration pass for plugin 107402. Only this block runs when the
    # scanner loads the plugin with `description` set; it exits before any check.
    if (description)
    {
      script_id(107402);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/07");
    
      # The single CVE this patch-level finding is reported against.
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Solaris 10 (sparc) : 124393-12");
      script_summary(english:"Check for patch 124393-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124393-12"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: CDE Calendar). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via TCP to compromise
    Solaris. Successful attacks of this vulnerability can result in
    takeover of Solaris. Note: CVE-2017-3632 is assigned to the
    'EASYSTREET' vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124393-12"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 124393-12 or higher");
      # Base vectors only: unauthenticated network attack with full C/I/A impact.
      # No temporal vector or exploitability_ease attribute is registered here.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3632");
    
      # "local" plugin type: the finding is derived from data collected on the host,
      # not from probing the service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124393");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl must run first and both keys must
      # exist, so the plugin does not launch at all on an uncredentialed scan.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
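    # Local check: is Sun patch 124393-12 (or a later revision) applied to the CDE
    # packages on this Solaris 10 sparc host? Everything below reads the scanner
    # knowledge base; this block sends nothing to the target. It is a package and
    # patch-level test only and does not establish whether the CDE Calendar service
    # is running or reachable.
    
    # Test the local-checks gate first, so a scan without usable credentials is
    # audited as such instead of as "not Solaris". audit() is relied on to stop the
    # script at each of the guards below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # Group 1 is the full release string, group 2 the part after the dot. The dot
    # is escaped so that it matches only a literal '.', not any character.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    
    # Number of packages found below the required patch level. Initialised
    # explicitly rather than incrementing a variable that was never set.
    flag = 0;
    
    # Seven packages share one base version; the list keeps the original order so
    # the generated report is assembled in the same sequence. A negative return
    # from solaris_check_patch() is treated as "patch missing for this package".
    foreach cde_pkg (make_list("SUNWdtbas", "SUNWdtdmn", "SUNWdtdmr", "SUNWdtdst", "SUNWdtdte", "SUNWdtlog", "SUNWdtma"))
    {
      if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124393-12", obsoleted_by:"", package:cde_pkg, version:"1.6,REV=10.2004.12.17") < 0) flag++;
    }
    # SUNWtltkm carries a different base version, so it is checked on its own.
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"124393-12", obsoleted_by:"", package:"SUNWtltkm", version:"3.7.2,REV=10.2004.12.17") < 0) flag++;
    
    if (flag) {
      # At least one package is unpatched: report on port 0 (host-level finding).
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged. Record why, most specific reason first: patch installed,
      # packages present but not affected, or packages not installed at all.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWdtbas / SUNWdtdmn / SUNWdtdmr / SUNWdtdst / SUNWdtdte / etc");
    }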
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_124394.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability. This plugin has been deprecated and either replaced with individual 124394 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 71822
    published: 2014-01-07
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=71822
    title: Solaris 10 (x86) : 124394-12 (deprecated)
    code:
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    # Metadata registration pass for deprecated plugin 71822. The metadata is still
    # registered so the plugin id stays resolvable, but the script performs no check
    # (see the unconditional exit after this block).
    if (description)
    {
      script_id(71822);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/30 13:40:15");
    
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Solaris 10 (x86) : 124394-12 (deprecated)");
      script_summary(english:"Check for patch 124394-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: CDE Calendar). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via TCP to compromise
    Solaris. Successful attacks of this vulnerability can result in
    takeover of Solaris. Note: CVE-2017-3632 is assigned to the
    'EASYSTREET' vulnerability.
    
    This plugin has been deprecated and either replaced with individual
    124394 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124394-12"
      );
      # No remediation text: a deprecated plugin reports nothing to remediate.
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      # No vuln_publication_date is registered in this plugin.
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # End of the registration pass.
      exit(0);
    }
    
    # The whole check body: exit at once with an explanatory message. This plugin
    # can never produce a finding, so coverage for patch 124394 has to come from the
    # per-revision plugins that the message points to.
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124394 instead.");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_124393.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability. This plugin has been deprecated and either replaced with individual 124393 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 71814
    published: 2014-01-07
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=71814
    title: Solaris 10 (sparc) : 124393-12 (deprecated)
    code:
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2018/03/12. Deprecated and either replaced by
    # individual patch-revision plugins, or has been deemed a
    # non-security advisory.
    #
    include("compat.inc");
    
    # Metadata registration pass for deprecated plugin 71814. The metadata is still
    # registered so the plugin id stays resolvable, but the script performs no check
    # (see the unconditional exit after this block).
    if (description)
    {
      script_id(71814);
      script_version("1.12");
      script_cvs_date("Date: 2018/07/30 13:40:15");
    
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Solaris 10 (sparc) : 124393-12 (deprecated)");
      script_summary(english:"Check for patch 124393-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: CDE Calendar). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via TCP to compromise
    Solaris. Successful attacks of this vulnerability can result in
    takeover of Solaris. Note: CVE-2017-3632 is assigned to the
    'EASYSTREET' vulnerability.
    
    This plugin has been deprecated and either replaced with individual
    124393 patch-revision plugins, or deemed non-security related."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124393-12"
      );
      # No remediation text: a deprecated plugin reports nothing to remediate.
      script_set_attribute(
        attribute:"solution", 
        value:"n/a"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      # No vuln_publication_date is registered in this plugin.
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # End of the registration pass.
      exit(0);
    }
    
    # The whole check body: exit at once with an explanatory message. This plugin
    # can never produce a finding, so coverage for patch 124393 has to come from the
    # per-revision plugins that the message points to.
    exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 124393 instead.");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_124394-12.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107905
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107905
    title: Solaris 10 (x86) : 124394-12
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Metadata registration pass for plugin 107905. Only this block runs when the
    # scanner loads the plugin with `description` set; it exits before any check.
    if (description)
    {
      script_id(107905);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/07");
    
      # The single CVE this patch-level finding is reported against.
      script_cve_id("CVE-2017-3632");
    
      script_name(english:"Solaris 10 (x86) : 124394-12");
      script_summary(english:"Check for patch 124394-12");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 124394-12"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vulnerability in the Solaris component of Oracle Sun Systems Products
    Suite (subcomponent: CDE Calendar). Supported versions that are
    affected are 10 and 11. Easily exploitable vulnerability allows
    unauthenticated attacker with network access via TCP to compromise
    Solaris. Successful attacks of this vulnerability can result in
    takeover of Solaris. Note: CVE-2017-3632 is assigned to the
    'EASYSTREET' vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/124394-12"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 124394-12 or higher");
      # Base vectors only: unauthenticated network attack with full C/I/A impact.
      # No temporal vector or exploitability_ease attribute is registered here.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3632");
    
      # "local" plugin type: the finding is derived from data collected on the host,
      # not from probing the service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124394");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # Scheduling requirements: ssh_get_info.nasl must run first and both keys must
      # exist, so the plugin does not launch at all on an uncredentialed scan.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      # End of the registration pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
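    # Local check: is Sun patch 124394-12 (or a later revision) applied to the CDE
    # packages on this Solaris 10 x86 host? Everything below reads the scanner
    # knowledge base; this block sends nothing to the target. It is a package and
    # patch-level test only and does not establish whether the CDE Calendar service
    # is running or reachable.
    
    # Test the local-checks gate first, so a scan without usable credentials is
    # audited as such instead of as "not Solaris". audit() is relied on to stop the
    # script at each of the guards below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # Group 1 is the full release string, group 2 the part after the dot. The dot
    # is escaped so that it matches only a literal '.', not any character.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    
    # Number of packages found below the required patch level. Initialised
    # explicitly rather than incrementing a variable that was never set.
    flag = 0;
    
    # Seven packages share one base version; the list keeps the original order so
    # the generated report is assembled in the same sequence. A negative return
    # from solaris_check_patch() is treated as "patch missing for this package".
    foreach cde_pkg (make_list("SUNWdtbas", "SUNWdtdmn", "SUNWdtdmr", "SUNWdtdst", "SUNWdtdte", "SUNWdtlog", "SUNWdtma"))
    {
      if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124394-12", obsoleted_by:"", package:cde_pkg, version:"1.6,REV=10.2004.12.17") < 0) flag++;
    }
    # SUNWtltkm carries a different base version, so it is checked on its own.
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"124394-12", obsoleted_by:"", package:"SUNWtltkm", version:"3.7.2,REV=10.2004.12.17") < 0) flag++;
    
    if (flag) {
      # At least one package is unpatched: report on port 0 (host-level finding).
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged. Record why, most specific reason first: patch installed,
      # packages present but not affected, or packages not installed at all.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWdtbas / SUNWdtdmn / SUNWdtdmr / SUNWdtdst / SUNWdtdte / etc");
    }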
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_124394-13.NASL
    description: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the 'EASYSTREET' vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132897
    published: 2020-01-15
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132897
    title: Solaris 10 (x86) : 124394-13