Solaris 10 (x86) : 148310-10

🗓️ 15 Jan 2019 00:00:00Reported by TenableType

Checking for Oracle Solaris patch 148310-10 to address a vulnerability in the DHCP Client component

Reporter	Title	Published	Views	Family All 10
CNVD	Unspecified Vulnerability in Oracle Solaris (CNVD-2019-28425)	16 Jan 201900:00	–	cnvd
CVE	CVE-2019-2541	16 Jan 201919:00	–	cve
Cvelist	CVE-2019-2541	16 Jan 201919:00	–	cvelist
EUVD	EUVD-2019-12181	7 Oct 202500:30	–	euvd
NVD	CVE-2019-2541	16 Jan 201919:30	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2019	15 Jan 201900:00	–	oracle
OSV	CVE-2019-2541	16 Jan 201919:30	–	osv
Prion	Design/Logic Flaw	16 Jan 201919:30	–	prion
Tenable Nessus	Solaris 10 (sparc) : 148309-10	15 Jan 201900:00	–	nessus
Vulnrichment	CVE-2019-2541	16 Jan 201919:00	–	vulnrichment

Source	Link
getupdates	www.getupdates.oracle.com/readme/148310-10
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#

include('compat.inc');

if (description)
{
  script_id(121182);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/21");

  script_cve_id("CVE-2019-2541");

  script_name(english:"Solaris 10 (x86) : 148310-10");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing Sun Security Patch number 148310-10");
  script_set_attribute(attribute:"description", value:
"Vulnerability in the Oracle Solaris component of Oracle Sun Systems
Products Suite (subcomponent: DHCP Client). The supported version that
is affected is 10. Difficult to exploit vulnerability allows
unauthenticated attacker with access to the physical communication
segment attached to the hardware where the Oracle Solaris executes to
compromise Oracle Solaris. Successful attacks of this vulnerability
can result in takeover of Oracle Solaris.");
  script_set_attribute(attribute:"see_also", value:"https://getupdates.oracle.com/readme/148310-10");
  script_set_attribute(attribute:"solution", value:
"Install patch 148310-10 or higher");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2541");
  script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138877");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:144545");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146477");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:148310");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Solaris Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148310-10", obsoleted_by:"", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148310-10", obsoleted_by:"", package:"SUNWcsr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148310-10", obsoleted_by:"", package:"SUNWdhcsu", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"148310-10", obsoleted_by:"", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;

if (flag) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : solaris_get_report()
  );
} else {
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcslr / SUNWcsr / SUNWdhcsu / SUNWhea");
}

21 Oct 2025 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 25.4

CVSS 37.5

EPSS0.00376

SSVC