Lucene search
K

Solaris 10 (sparc) : 153056-01

🗓️ 16 Jul 2019 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 27 Views

Vulnerability in Sun System Products Suite (Filesystem), Oracle Solaris 10 (sparc) : 153056-01 allows takeover of Oracle Solaris

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
Oracle Solaris Component Access Control Error Vulnerability (CNVD-2019-28098)
19 Jul 201900:00
cnvd
CVE
CVE-2019-2804
23 Jul 201922:31
cve
Cvelist
CVE-2019-2804
23 Jul 201922:31
cvelist
EUVD
EUVD-2019-12443
7 Oct 202500:30
euvd
NVD
CVE-2019-2804
23 Jul 201923:15
nvd
Oracle
Oracle Critical Patch Update Advisory - July 2019
16 Jul 201900:00
oracle
OSV
CVE-2019-2804
23 Jul 201923:15
osv
Prion
Code injection
23 Jul 201923:15
prion
RedhatCVE
CVE-2019-2804
9 Jan 202610:13
redhatcve
Tenable Nessus
Solaris 10 (x86) : 153057-01
16 Jul 201900:00
nessus
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(126724);
  script_version("1.7");
  script_cvs_date("Date: 2020/01/08");

  script_cve_id("CVE-2019-2804");

  script_name(english:"Solaris 10 (sparc) : 153056-01");
  script_summary(english:"Check for patch 153056-01");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote host is missing Sun Security Patch number 153056-01"
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vulnerability in the Oracle Solaris product of Oracle Sun Systems
Products Suite (component: Filesystem). Supported versions that are
affected are 11.4 and 10. Easily exploitable vulnerability allows low
privileged attacker with logon to the infrastructure where Oracle
Solaris executes to compromise Oracle Solaris. Successful attacks
require human interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in takeover of
Oracle Solaris."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/153056-01"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 153056-01 or higher");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2804");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:153056");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"153056-01", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"153056-01", obsoleted_by:"", package:"SUNWcsu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;

if (flag) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : solaris_get_report()
  );
} else {
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcsr / SUNWcsu");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Jan 2020 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 26.9
CVSS 37.3
EPSS0.0051
SSVC
27