nessus | This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | SOLARIS10_X86_145334-33.NASL
HistoryMar 12, 2018 - 12:00 a.m.

Solaris 10 (x86) : 145334-33

2018-03-12 00:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: System management). Supported versions that are affected are 3.3 and 4.1. Easily exploitable vulnerability allows successful authenticated network attacks via TCP/IP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: System management). Supported versions that are affected are 3.3 and 4.1. Easily exploitable vulnerability requiring logon to Operating System plus additional, multiple logins to components. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration branch: when the scanner evaluates the plugin with
# `description` set, only the metadata below is recorded and the script
# leaves through the exit(0) at the end of the block. None of the host
# checks further down run in that mode.
if (description)
{
  script_id(108075);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  # One patch check covers both CVEs. The description text below has two
  # paragraphs but does not say which CVE each paragraph belongs to.
  script_cve_id("CVE-2014-4259", "CVE-2014-6480");

  script_name(english:"Solaris 10 (x86) : 145334-33");
  script_summary(english:"Check for patch 145334-33");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote host is missing Sun Security Patch number 145334-33"
  );
  # Vendor advisory wording, reproduced verbatim (see the file header: the
  # text was extracted from the Oracle SunOS Patch Updates).
  script_set_attribute(
    attribute:"description", 
    value:
"Vulnerability in the Solaris Cluster component of Oracle Sun Systems
Products Suite (subcomponent: System management). Supported versions
that are affected are 3.3 and 4.1. Easily exploitable vulnerability
allows successful authenticated network attacks via TCP/IP. Successful
attack of this vulnerability can result in unauthorized Operating
System takeover including arbitrary code execution.

Vulnerability in the Solaris Cluster component of Oracle Sun Systems
Products Suite (subcomponent: System management). Supported versions
that are affected are 3.3 and 4.1. Easily exploitable vulnerability
requiring logon to Operating System plus additional, multiple logins
to components. Successful attack of this vulnerability can escalate
attacker privileges resulting in unauthorized Operating System
takeover including arbitrary code execution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/145334-33"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 145334-33 or higher");
  # CVSS v2 vector: network access, low complexity, single authentication,
  # complete confidentiality/integrity/availability impact. According to
  # cvss_score_source this is the vector of CVE-2014-4259 only; the second
  # issue in the description (OS logon plus multiple component logins) is not
  # scored separately here.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4259");

  # "local" plugin: the verdict is derived from patch/package data collected
  # on the host (see script_require_keys below), not from probing a network
  # service. If those KB keys are absent the plugin does not run, so "no
  # finding" on a host scanned without working credentials is not evidence
  # that the patch is installed.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:145334");
  # NOTE(review): 145641 is declared as a patch CPE, but nothing else in this
  # listing checks a patch with that number - confirm how it relates to
  # 145334 before relying on it for asset matching.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:145641");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  # The plugin publication date (2018/03/12) is later than the patch
  # publication date (2015/06/27) recorded here.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Information-gathering category: the script body only reads KB items and
  # compares patch levels.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  # ssh_get_info.nasl has to run first; presumably it is what fills
  # Host/Solaris/showrev - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

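# Gate the patch check on the target being Solaris 10 (SunOS 5.10) for i386,
# using the `showrev` output cached in the KB. That text originates from the
# scanned host, so it is matched strictly; every mismatch is handed to
# audit() (audit.inc), which reports the reason instead of letting the patch
# tests run against the wrong platform.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# Capture 1 is the full release ("5.10"), capture 2 the minor part ("10").
# The dot is escaped so only a literal "major.minor" release matches; the
# unescaped '.' would accept any separator character and could put a
# misleading version into the audit message below.
os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

# This plugin is the x86 variant: anything other than i386 is audited out.
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);

# Local checks need credentialed data; without it the package tests below
# would have nothing reliable to compare against.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);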

# Packages this plugin tests against patch 145334-33, in the order the
# individual checks are executed.
cluster_pkgs = make_list(
  "SUNWsccomu",
  "SUNWsccomzu",
  "SUNWscderby",
  "SUNWscdev",
  "SUNWscgds",
  "SUNWscmasa",
  "SUNWscmasar",
  "SUNWscmasasen",
  "SUNWscmasau",
  "SUNWscmasazu",
  "SUNWscmautil",
  "SUNWscmd",
  "SUNWscr",
  "SUNWscrtlh",
  "SUNWscsal",
  "SUNWscsmf",
  "SUNWscspmu",
  "SUNWsctelemetry",
  "SUNWscu",
  "SUNWscucm",
  "SUNWsczr",
  "SUNWsczu"
);

# One solaris_check_patch() call per package, all with the same release,
# architecture, patch id and package version. A negative return value is
# counted in `flag`.
#
# NOTE(review): `flag` is not initialised anywhere in this listing; the
# script depends on the interpreter treating an unset variable as 0 for ++.
# NOTE(review): every test is pinned to package version
# "3.3.0,REV=2010.07.26.13.13", while the advisory text also names 4.1 as
# affected - confirm that leaving 4.1 untested is intended for Solaris 10.
foreach cluster_pkg (cluster_pkgs)
{
  if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"145334-33", obsoleted_by:"", package:cluster_pkg, version:"3.3.0,REV=2010.07.26.13.13") < 0) flag++;
}

# Final verdict. `flag` is non-zero when at least one of the package tests
# above returned a negative result.
if (!flag)
{
  # Nothing was flagged: state why, trying the most specific reason first.
  # 1) a fixing patch level was recorded by the solaris.inc helpers
  installed_fix = solaris_patch_fix_get();
  if (!empty_or_null(installed_fix)) audit(AUDIT_PATCH_INSTALLED, installed_fix, "Solaris 10");

  # 2) packages were tested but none of them was affected
  tested_pkgs = solaris_pkg_tests_get();
  if (!empty_or_null(tested_pkgs)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);

  # 3) none of the Solaris Cluster packages was found on the host
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsccomu / SUNWsccomzu / SUNWscderby / SUNWscdev / SUNWscgds / etc");
}
else
{
  # Host-level finding (port 0); the report body is whatever the
  # solaris.inc helpers accumulated during the package tests.
  security_report_v4(port:0, severity:SECURITY_HOLE, extra:solaris_get_report());
}
Vendor | Product | Version | CPE
oracle | solaris | 10 | p-cpe:/a:oracle:solaris:10:145334
oracle | solaris | 10 | p-cpe:/a:oracle:solaris:10:145641
oracle | solaris | 10 | cpe:/o:oracle:solaris:10