Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARIS10_149075-01.NASL
HistoryMar 12, 2018 - 12:00 a.m.

Solaris 10 (sparc) : 149075-01

2018-03-1200:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: Print Filter Utility). Supported versions that are affected are 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(107674);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-0442");

  script_name(english:"Solaris 10 (sparc) : 149075-01");
  script_summary(english:"Check for patch 149075-01");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote host is missing Sun Security Patch number 149075-01"
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vulnerability in the Solaris component of Oracle and Sun Systems
Products Suite (subcomponent: Print Filter Utility). Supported
versions that are affected are 9, 10 and 11.1. Easily exploitable
vulnerability requiring logon to Operating System. Successful attack
of this vulnerability can result in unauthorized update, insert or
delete access to some Solaris accessible data as well as read access
to a subset of Solaris accessible data and ability to cause a partial
denial of service (partial DOS) of Solaris."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/149075-01"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 149075-01 or higher");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0442");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149075");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"149075-01", obsoleted_by:"", package:"SUNWpsutils", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"149075-01", obsoleted_by:"", package:"SUNWpsutilsS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;

if (flag) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : solaris_get_report()
  );
} else {
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWpsutils / SUNWpsutilsS");
}
VendorProductVersionCPE
oraclesolaris10p-cpe:/a:oracle:solaris:10:149075
oraclesolaris10cpe:/o:oracle:solaris:10

Related

nessus 6
cvelist 1
cve 1
prion 1
securityvulns 1
oracle 1
nessus
nessus
Solaris 9 (x86) : 149074-01
2014-04-17 00:00:00
Solaris 10 (sparc) : 149075-01 (deprecated)
2014-03-17 00:00:00
Solaris 10 (x86) : 149076-01
2018-03-12 00:00:00
cvelist
cvelist
CVE-2014-0442
2014-04-15 22:00:00
cve
cve
CVE-2014-0442
2014-04-16 00:55:00
prion
prion
Design/Logic Flaw
2014-04-16 00:55:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2014
2014-04-15 00:00:00
JSON
Related for SOLARIS10_149075-01.NASL
nessus6cvelist1cve1prion1securityvulns1oracle1