Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Oracle Solaris Critical Patch Update : apr2013_SRU3

🗓️ 26 Jul 2014 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 26 Views

Oracle Solaris Critical Patch Update for NFS vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2013-0405
17 Apr 201305:04
cve
Cvelist		CVE-2013-0405
17 Apr 201305:04
cvelist
EUVD		EUVD-2013-0416
7 Oct 202500:30
euvd
NVD		CVE-2013-0405
17 Apr 201312:14
nvd
Oracle		Oracle Critical Patch Update - April 2013
16 Apr 201300:00
oracle
Oracle		Oracle Critical Patch Update - April 2013
16 Apr 201300:00
oracle
Prion		Design/Logic Flaw
17 Apr 201312:14
prion
securityvulns		Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
4 May 201300:00
securityvulns
Tenable Nessus		Solaris 10 (sparc) : 148383-01
12 Mar 201800:00
nessus
Tenable Nessus		Solaris 10 (sparc) : 148383-01 (deprecated)
13 Feb 201300:00
nessus
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle CPU for apr2013.
#
include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(76803);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/08/11");

  script_cve_id("CVE-2013-0405");
  script_bugtraq_id(59157);

  script_name(english:"Oracle Solaris Critical Patch Update : apr2013_SRU3");
  script_summary(english:"Check for the apr2013 CPU");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch from CPU
apr2013."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This Solaris system is missing necessary patches to address a critical
security update :

  - Vulnerability in the Solaris component of Oracle and Sun
    Systems Products Suite (subcomponent: Filesystem/NFS).
    Supported versions that are affected are 8, 9, 10 and
    11. Easily exploitable vulnerability allows successful
    unauthenticated network attacks via IPv6. Successful
    attack of this vulnerability can result in unauthorized
    update, insert or delete access to some Solaris
    accessible data as well as read access to a subset of
    Solaris accessible data. Note: CVE-2013-0405 occurs only
    when the Solaris NFS client mounts the NFS server over
    IPv6. (CVE-2013-0405)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=1526078.1"
  );
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1841214.xml
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?37eb6070"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the apr2013 CPU from the Oracle support website."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");


fix_release = "0.5.11-0.175.0.3.0.4.0";

flag = 0;

if (solaris_check_release(release:"0.5.11-0.175.0.3.0.4.0", sru:"Solaris 11.0.3.4") > 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());
  else security_warning(0);
  exit(0);
}
audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Aug 2022 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS 26.4
EPSS0.00242
solariscritical patch updatenfs vulnerabilityipv6unauthenticated network attacks
26