Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARIS10_X86_119214-36.NASLHistoryMar 12, 2018 - 12:00 a.m.
Solaris 10 (x86) : 119214-36
2018-03-1200:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.093 Low
EPSS
Percentile
94.7%
NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2.
Date this patch was last updated by Sun : Nov/11/17
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(107816);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-4339", "CVE-2006-4842", "CVE-2006-5201", "CVE-2006-7140");
script_name(english:"Solaris 10 (x86) : 119214-36");
script_summary(english:"Check for patch 119214-36");
script_set_attribute(
attribute:"synopsis",
value:"The remote host is missing Sun Security Patch number 119214-36"
);
script_set_attribute(
attribute:"description",
value:
"NSS_NSPR_JSS 3.30.2_x86: NSPR 4.15 / NSS 3.30.2 / JSS 4.3.2.
Date this patch was last updated by Sun : Nov/11/17"
);
script_set_attribute(
attribute:"see_also",
value:"https://getupdates.oracle.com/readme/119214-36"
);
script_set_attribute(attribute:"solution", value:"Install patch 119214-36 or higher");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-7140");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Solaris libnspr NSPR_LOG_FILE Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(310);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119214");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWjss", version:"4.0,REV=2004.11.05.03.05") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWpr", version:"4.5.1,REV=2004.11.05.03.44") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWprd", version:"4.5.1,REV=2004.11.05.03.44") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWtls", version:"3.9.5,REV=2005.01.14.19.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWtlsd", version:"3.9.5,REV=2005.01.14.19.03") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119214-36", obsoleted_by:"", package:"SUNWtlsu", version:"3.9.5,REV=2005.01.14.19.03") < 0) flag++;
if (flag) {
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : solaris_get_report()
);
} else {
patch_fix = solaris_patch_fix_get();
if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
tested = solaris_pkg_tests_get();
if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWjss / SUNWpr / SUNWprd / SUNWtls / SUNWtlsd / SUNWtlsu");
}
Related
nessus
nessus
Solaris 10 (sparc) : 119213-32
2018-03-12 00:00:00
Solaris 10 (x86) : 119214-30
2018-03-12 00:00:00
Solaris 10 (sparc) : 119213-31
2018-03-12 00:00:00
cve
cve
cvelist
cvelist
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2006-5201 affecting package nss 3.44-2
2022-01-10 03:59:22
ubuntucve
ubuntucve
openvas
openvas
FreeBSD Ports: opera, opera-devel, linux-opera
2008-09-04 00:00:00
Slackware: Security Advisory (SSA:2006-257-02)
2012-09-10 00:00:00
SLES9: Security update for openssl
2009-10-10 00:00:00
securityvulns
securityvulns
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind)
2006-11-05 00:00:00
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
2006-09-15 00:00:00
jvn
jvn
JVN#51615542: Adobe Reader fails to properly handle signatures
2012-08-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4
2006-09-06 00:00:00
canvas
canvas
Immunity Canvas: CVE_2006_4842
2006-10-12 00:07:00
seebug
seebug
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation Vulnerability (2)
2014-07-01 00:00:00
Solaris 10 libnspr - constructor Local Root Exploit
2014-07-01 00:00:00
Solaris 10 libnspr LD_PRELOAD Arbitrary File Creation Local Root Exploit
2006-10-27 00:00:00
packetstorm
packetstorm
Solaris libnspr NSPR_LOG_FILE Privilege Escalation
2018-09-18 00:00:00
zdt
zdt
Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit
2018-09-18 00:00:00
exploitpack
exploitpack
gentoo
gentoo
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-07 00:00:00
Mozilla Network Security Service (NSS): RSA signature forgery
2006-10-17 00:00:00
centos
centos
openssl, openssl096b security update
2006-09-08 09:58:00
openssl, openssl095a, openssl096 security update
2006-09-11 00:52:04
openssl
openssl
Vulnerability in OpenSSL CVE-2006-4339
2006-09-05 00:00:00
debiancve
debiancve
CVE-2006-4339
2006-09-05 17:04:00
CVE-2006-4340
2006-09-15 18:07:00
slackware
slackware
[slackware-security] openssl
2006-09-14 22:05:20
[slackware-security] bind
2006-11-07 06:26:27
ubuntu
ubuntu
OpenSSL vulnerability
2006-09-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability
2006-11-13 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:19.openssl
2006-09-06 00:00:00
f5
f5
SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339
2007-05-16 00:00:00
K6623 : OpenSSL signature vulnerability - CVE-2006-4339
2013-03-26 00:00:00
debian
debian
freebsd
freebsd
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-06 00:00:00
opera -- RSA Signature Forgery
2006-09-18 00:00:00
checkpoint_security
checkpoint_security
OpenSSL CVE-2006-4339 8732 vulnerability Fix
2006-10-18 22:00:00
cert
cert
Multiple RSA implementations fail to properly handle signatures
2006-09-11 00:00:00
redhat
redhat
(RHSA-2006:0661) openssl security update
2006-09-06 00:00:00
osv
osv
openssl - cryptographic weakness
2006-09-10 00:00:00
exploitdb
exploitdb
cisco
cisco
OpenSSL RSA Signature Forgery Vulnerability
2006-09-05 17:39:31
suse
suse
remote code execution in opera
2006-10-19 13:18:21
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
mozilla
mozilla
RSA Signature Forgery — Mozilla
2006-09-14 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.093 Low
EPSS
Percentile
94.7%
Related for SOLARIS10_X86_119214-36.NASL