Lucene search
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARIS10_X86_125359-15.NASLHistoryMar 12, 2018 - 12:00 a.m.
Solaris 10 (x86) : 125359-15 (BEAST)
2018-03-1200:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.009
Percentile
82.3%
NSS_NSPR_JSS 3.13.1 Solaris_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.
Date this patch was last updated by Sun : Feb/08/12
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(107926);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2011-3389");
script_xref(name:"CEA-ID", value:"CEA-2019-0547");
script_name(english:"Solaris 10 (x86) : 125359-15 (BEAST)");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing Sun Security Patch number 125359-15");
script_set_attribute(attribute:"description", value:
"NSS_NSPR_JSS 3.13.1 Solaris_x86: NSPR 4.8.9 / NSS 3.13.1 / JSS 4.3.
Date this patch was last updated by Sun : Feb/08/12");
script_set_attribute(attribute:"see_also", value:"https://getupdates.oracle.com/readme/125359-15");
script_set_attribute(attribute:"solution", value:
"Install patch 125359-15 or higher");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-3389");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2012/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:125359");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Solaris Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWjss", version:"4.2.4,REV=2006.11.16.21.41") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWpr", version:"4.6.4,REV=2006.11.16.21.41") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWprd", version:"4.6.4,REV=2006.11.16.21.41") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWtls", version:"3.11.4,REV=2006.11.16.21.41") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWtlsd", version:"3.11.4,REV=2006.11.16.21.41") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"125359-15", obsoleted_by:"", package:"SUNWtlsu", version:"3.11.4,REV=2006.11.16.21.41") < 0) flag++;
if (flag) {
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : solaris_get_report()
);
} else {
patch_fix = solaris_patch_fix_get();
if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
tested = solaris_pkg_tests_get();
if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWjss / SUNWpr / SUNWprd / SUNWtls / SUNWtlsd / SUNWtlsu");
}
Related
openvas
openvas
Fedora Update for xulrunner FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for gnome-python2-extras FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for thunderbird FEDORA-2011-17400
2012-04-02 00:00:00
checkpoint_advisories
checkpoint_advisories
fedora
fedora
[SECURITY] Fedora 16 Update: nss-3.13.1-9.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 15 Update: thunderbird-lightning-1.1-0.1.rc1.fc15
2012-01-22 05:26:28
[SECURITY] Fedora 16 Update: thunderbird-9.0-4.fc16
2011-12-23 03:31:27
ibm
ibm
nessus
nessus
FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)
2012-08-30 00:00:00
Fedora 15 : firefox-9.0.1-1.fc15 / gnome-python2-extras-2.25.3-35.fc15.4 / nspr-4.8.9-2.fc15 / etc (2011-17399)
2012-01-23 00:00:00
Deprecated
2011-09-29 00:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE(r) Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2012-10-29 00:00:00
lighthttpd security vulnerabilities
2012-01-02 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
nvd
nvd
CVE-2011-3389
2011-09-06 19:55:03
CVE-2004-2770
2011-09-25 10:55:04
cve
cve
CVE-2011-3389
2011-09-06 19:55:03
CVE-2004-2770
2011-09-25 10:55:04
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:03
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
mskb
mskb
prion
prion
Session fixation
2011-09-06 19:55:00
osv
osv
CGA-m3vx-v2q7-5ghm
2024-06-06 12:28:22
nss - security update
2015-02-16 00:00:00
lighttpd - several
2011-12-20 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
ubuntucve
ubuntucve
CVE-2011-3389
2011-11-16 00:00:00
debian
debian
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
[SECURITY] [DSA 2381-] lighttpd security update
2011-12-21 00:02:46
[SECURITY] [DSA 2398-1] curl security update
2012-01-30 19:49:07
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
opera -- multiple vulnerabilities
2011-12-06 00:00:00
cvelist
cvelist
CVE-2011-3389
2011-09-06 19:00:00
rubygems
rubygems
f5
f5
rapid7blog
rapid7blog
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.009
Percentile
82.3%
Related for SOLARIS10_X86_125359-15.NASL