Search...

Sun Java Web Console libwebconsole_services.so Format String Remote DoS

2007-04-17T07:18:52

ID OSVDB:34902
Type osvdb
Reporter OSVDB
Modified 2007-04-17T07:18:52

Description

No description provided by the source

References:

Vendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1 Security Tracker: 1017930 Secunia Advisory ID:24927 Other Advisory URL: http://www.nruns.com/security_advisory_sun_java_format_string.php Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0286.html ISS X-Force ID: 33731 FrSIRT Advisory: ADV-2007-1443 CVE-2007-1681 Bugtraq ID: 23539

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 3, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1\nSecurity Tracker: 1017930\n[Secunia Advisory ID:24927](https://secuniaresearch.flexerasoftware.com/advisories/24927/)\nOther Advisory URL: http://www.nruns.com/security_advisory_sun_java_format_string.php\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0286.html\nISS X-Force ID: 33731\nFrSIRT Advisory: ADV-2007-1443\n[CVE-2007-1681](https://vulners.com/cve/CVE-2007-1681)\nBugtraq ID: 23539\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:34902", "modified": "2007-04-17T07:18:52", "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2017-04-28T13:20:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1681"]}, {"type": "nessus", "idList": ["SOLARIS10_X86_121212-02.NASL", "SUN_JAVA_WEB_CONSOLE_FORMAT_STRING.NASL", "SOLARIS10_X86_121212.NASL", "SOLARIS10_121211.NASL", "SOLARIS10_121211-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:855418", "OPENVAS:1361412562310855418", "OPENVAS:855215", "OPENVAS:1361412562310855215"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7598", "SECURITYVULNS:DOC:16745"]}], "modified": "2017-04-28T13:20:31", "rev": 2}, "vulnersScore": 6.7}, "id": "OSVDB:34902", "title": "Sun Java Web Console libwebconsole_services.so Format String Remote DoS", "edition": 1, "published": "2007-04-17T07:18:52", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1681"], "lastseen": "2017-04-28T13:20:31"}

{"cve": [{"lastseen": "2020-10-03T11:45:50", "description": "Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.\nRoot level code execution is only possible if the web console is running as root, which it does not by default.\nThe vendor has addressed this issue through multiple product updates: \r\n\r\nSun Java Web Console 2.2.2\r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.2 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.3 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.4 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console x86 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n\r\n\r\nSun Java Web Console 2.2.5 \r\nhttp://www.sun.com/download/products.xml?id=461d58be\r\n", "edition": 3, "cvss3": {}, "published": "2007-04-19T10:19:00", "title": "CVE-2007-1681", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1681"], "modified": "2018-10-16T16:40:00", "cpe": ["cpe:/a:sun:java_web_console:2.2.2", "cpe:/o:sun:solaris:10.0", "cpe:/a:sun:java_web_console:2.2.4", "cpe:/a:sun:java_web_console:2.2.3", "cpe:/a:sun:java_web_console:2.2.5"], "id": "CVE-2007-1681", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1681", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:sun:java_web_console:2.2.2:*:x86:*:*:*:*:*", "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*", "cpe:2.3:a:sun:java_web_console:2.2.3:*:x86:*:*:*:*:*", "cpe:2.3:a:sun:java_web_console:2.2.4:*:x86:*:*:*:*:*", "cpe:2.3:a:sun:java_web_console:2.2.5:*:x86:*:*:*:*:*", "cpe:2.3:o:sun:solaris:10.0:hw2:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:13:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "description": "Check for the Version of Sun Java Web Console (Lockhart)", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855215", "href": "http://plugins.openvas.org/nasl.php?oid=855215", "type": "openvas", "title": "Solaris Update for Sun Java Web Console (Lockhart) 121211-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Sun Java Web Console (Lockhart) 121211-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Sun Java Web Console (Lockhart) on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Sun Java Web Console (Lockhart)\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855215);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2007-1681\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121211-02\");\n script_name( \"Solaris Update for Sun Java Web Console (Lockhart) 121211-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121211-02-1\");\n\n script_summary(\"Check for the Version of Sun Java Web Console (Lockhart)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", package:\"SUNWmcon SUNWmcosx SUNWmcos SUNWmctag\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "description": "Check for the Version of Sun Java Web Console (Lockhart)", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855418", "href": "http://plugins.openvas.org/nasl.php?oid=855418", "type": "openvas", "title": "Solaris Update for Sun Java Web Console (Lockhart) 121212-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Sun Java Web Console (Lockhart) 121212-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Sun Java Web Console (Lockhart) on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Sun Java Web Console (Lockhart)\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855418);\n script_version(\"$Revision: 5359 $\");\n script_cve_id(\"CVE-2007-1681\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121212-02\");\n script_name( \"Solaris Update for Sun Java Web Console (Lockhart) 121212-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121212-02-1\");\n\n script_summary(\"Check for the Version of Sun Java Web Console (Lockhart)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"121212-02\", package:\"SUNWmcon SUNWmcosx SUNWmcos SUNWmctag\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "description": "Check for the Version of Sun Java Web Console (Lockhart)", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855418", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855418", "type": "openvas", "title": "Solaris Update for Sun Java Web Console (Lockhart) 121212-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Sun Java Web Console (Lockhart) 121212-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Sun Java Web Console (Lockhart) on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Sun Java Web Console (Lockhart)\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855418\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2007-1681\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121212-02\");\n script_name( \"Solaris Update for Sun Java Web Console (Lockhart) 121212-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121212-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Sun Java Web Console (Lockhart)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"121212-02\", package:\"SUNWmcon SUNWmcosx SUNWmcos SUNWmctag\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "description": "Check for the Version of Sun Java Web Console (Lockhart)", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855215", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855215", "type": "openvas", "title": "Solaris Update for Sun Java Web Console (Lockhart) 121211-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Sun Java Web Console (Lockhart) 121211-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Sun Java Web Console (Lockhart) on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Sun Java Web Console (Lockhart)\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855215\");\n script_version(\"$Revision: 9370 $\");\n script_cve_id(\"CVE-2007-1681\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUNSolve\", value: \"121211-02\");\n script_name( \"Solaris Update for Sun Java Web Console (Lockhart) 121211-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-121211-02-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of Sun Java Web Console (Lockhart)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", package:\"SUNWmcon SUNWmcosx SUNWmcos SUNWmctag\") < 0)\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:51", "description": "SunOS 5.10: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\n\nThis plugin has been deprecated and either replaced with individual 121211 patch-revision plugins, or deemed non-security related.", "edition": 8, "published": "2007-04-19T00:00:00", "title": "Solaris 10 (sparc) : 121211-02 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_121211.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25070", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25070);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/30 13:40:13\");\n\n script_cve_id(\"CVE-2007-1681\");\n\n script_name(english:\"Solaris 10 (sparc) : 121211-02 (deprecated)\");\n script_summary(english:\"Check for patch 121211-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\n\nThis plugin has been deprecated and either replaced with individual\n121211 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1001060.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 121211 instead.\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:09:51", "description": "SunOS 5.10_x86: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\n\nThis plugin has been deprecated and either replaced with individual 121212 patch-revision plugins, or deemed non-security related.", "edition": 8, "published": "2007-04-19T00:00:00", "title": "Solaris 10 (x86) : 121212-02 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_121212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25072", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25072);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/30 13:40:13\");\n\n script_cve_id(\"CVE-2007-1681\");\n\n script_name(english:\"Solaris 10 (x86) : 121212-02 (deprecated)\");\n script_summary(english:\"Check for patch 121212-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"SunOS 5.10_x86: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\n\nThis plugin has been deprecated and either replaced with individual\n121212 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://download.oracle.com/sunalerts/1001060.1.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 121212 instead.\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-01-01T05:50:14", "description": "The remote host is running SUN Java Web Console. \n\nThe remote version of this service does not properly sanitize calls\nto the syslog function. By sending a specially crafted request\nit is possible to exploit this format string error.\nAn attacker can exploit it to execute code with the privileges of\nthe web server.", "edition": 24, "published": "2007-04-23T00:00:00", "title": "Sun Java Web Console LibWebconsole_Services.SO Remote Format String", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:sun:java_web_console"], "id": "SUN_JAVA_WEB_CONSOLE_FORMAT_STRING.NASL", "href": "https://www.tenable.com/plugins/nessus/25082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) \n{\n script_id(25082);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2007-1681\");\n script_bugtraq_id(23539);\n\n script_name(english:\"Sun Java Web Console LibWebconsole_Services.SO Remote Format String\");\n script_summary(english:\"Checks Sun Java Web Console Version\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is prone to a format string attack.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running SUN Java Web Console. \n\nThe remote version of this service does not properly sanitize calls\nto the syslog function. By sending a specially crafted request\nit is possible to exploit this format string error.\nAn attacker can exploit it to execute code with the privileges of\nthe web server.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://piratebay-proxies.com/best-internet-security/\");\n # http://web.archive.org/web/20070504053040/http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b94d2d\");\n script_set_attribute(attribute:\"solution\", value:\n\"See the vendor's update for information on workarounds and solutions\nto this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value: \"cpe:/a:sun:java_web_console\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_dependencie(\"http_version.nasl\", \"ssh_detect.nasl\");\n script_require_ports(\"Services/www\", 6789);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nif (!get_kb_item('Settings/PCI_DSS'))\n{\n ssh_port = get_kb_item(\"Services/ssh\");\n if (!ssh_port) exit(0);\n\n banner = get_kb_item(string(\"SSH/banner/\", ssh_port));\n if (\"Sun_SSH\" >!< banner) exit(0,\"The remote SSH banner on port \"+ssh_port+\" is not from a Solaris system.\"); \n}\n\n\nport = 6789;\nif (!get_port_state(port))\n exit(1, \"Port \"+port+\" is not open.\");\n\nw = http_send_recv3(method:\"GET\", item:\"/console/html/en/console_version.shtml\", port:port,exit_on_fail:TRUE);\n\nif (\"<title>Sun Java(TM) Web Console: Version</title>\" >!< w[2])\n exit (0,\"The remote web server on port \"+ port + \" does not appear to be Sun Java(TM) Web Console.\");\n\nw = http_send_recv3(port: port, item:\"/console/html/en/version.txt\", method:\"GET\",exit_on_fail:TRUE);\n\n#res = strcat(w[0], w[1], '\\r\\n', w[2]);\n\nif (!egrep(pattern:\"^[0-9]+\\.[0-9]+\\.[0-9]+$\", string:w[2]))\n exit (1,\"Failed to extract version in desired format from Sun Java(TM) Web Console listening on port \"+ port+\".\");\n\nvers = ereg_replace(pattern:\"^([0-9]+\\.[0-9]+\\.[0-9]+)$\", string:w[2], replace:\"\\1\");\nvers = split(vers, sep:\".\", keep:FALSE);\n\nif ( (int(vers[0]) < 2) ||\n ((int(vers[0]) == 2) && (int(vers[1]) < 2)) ||\n ((int(vers[0]) == 2) && (int(vers[1]) == 2) && (int(vers[2]) < 6)) )\n{\n # don't worry about checking for the 2.2.4 patch in a PCI scan\n if (get_kb_item('Settings/PCI_DSS'))\n {\n if(report_verbosity > 0)\n {\n report = '\\n'+\n 'Sun Java(TM) Web Console version '+ join(vers,sep:\".\") + '\\n' +\n 'is installed on the remote host. Nessus did not attempt to\\n' +\n 'determine if patches 121211-02 or 121212-02 have been applied.\\n';\n security_hole(port:port,extra:report);\n }\n else\n security_hole(port);\n exit(0);\n }\n\n # patched in 2.2.6 except for solaris 10 ( patched in 2.2.4 )\n w = http_send_recv3(method:\"GET\", item:\"/console/html/en/versionDate.txt\", port:port,exit_on_fail:TRUE);\n\n #res = strcat(w[0], w[1], '\\r\\n', w[2]);\n\n if (!egrep(pattern:\"^[0-9]+/[0-9]+/[0-9]+$\", string:w[2]))\n exit (1,\"Failed to extract version date in desired format from Sun Java(TM) Web Console listening on port \"+ port+\".\");\n \n date = ereg_replace(pattern:\"^([0-9]+/[0-9]+/[0-9]+)$\", string:w[2], replace:\"\\1\");\n date = split(date, sep:\"/\", keep:FALSE);\n\n if ( int(date[0]) < 2007 ||\n (int(date[0]) == 2007 && int(date[1]) < 3) )\n { \n if(report_verbosity > 0)\n {\n report = '\\n'+\n 'Sun Java(TM) Web Console version '+ join(vers,sep:\".\") + ' ('+join(date,sep:\"/\")+ ')\\n'+\n 'is installed on the remote host.\\n';\n security_hole(port:port,extra:report);\n }\n else\n security_hole(port); \n exit(0);\n }\n else\n exit(0,\"Sun Java(TM) Web Console version date '\"+ join(date,sep:\"/\")+\"' is newer than 2007/3 and hence not affected.\");\n}\nelse\n exit(0,\"Sun Java(TM) Web Console version '\"+join(vers,sep:\".\")+\"' is installed on port \"+ port + \" and hence not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:39", "description": "SunOS 5.10_x86: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07", "edition": 22, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 121212-02", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121212", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_121212-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107876);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1681\");\n\n script_name(english:\"Solaris 10 (x86) : 121212-02\");\n script_summary(english:\"Check for patch 121212-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121212-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10_x86: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1001060.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121212-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121212\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121212-02\", obsoleted_by:\"\", package:\"SUNWmcon\", version:\"2.2.2,REV=2005.01.09.21.19\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121212-02\", obsoleted_by:\"\", package:\"SUNWmcos\", version:\"2.2.2,REV=2005.01.09.21.19\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121212-02\", obsoleted_by:\"\", package:\"SUNWmcosx\", version:\"2.2.2,REV=2005.01.09.21.19\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"121212-02\", obsoleted_by:\"\", package:\"SUNWmctag\", version:\"2.2.2,REV=2005.01.09.21.19\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWmcon / SUNWmcos / SUNWmcosx / SUNWmctag\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:26", "description": "SunOS 5.10: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07", "edition": 22, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 121211-02", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-1681"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:121211", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_121211-02.NASL", "href": "https://www.tenable.com/plugins/nessus/107375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107375);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-1681\");\n\n script_name(english:\"Solaris 10 (sparc) : 121211-02\");\n script_summary(english:\"Check for patch 121211-02\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 121211-02\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: Sun Java Web Console (Lockhart) Patch.\nDate this patch was last updated by Sun : Apr/16/07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1001060.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 121211-02\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:121211\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", obsoleted_by:\"\", package:\"SUNWmcon\", version:\"2.2.2,REV=2005.01.09.23.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", obsoleted_by:\"\", package:\"SUNWmcos\", version:\"2.2.2,REV=2005.01.09.23.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", obsoleted_by:\"\", package:\"SUNWmcosx\", version:\"2.2.2,REV=2005.01.09.23.05\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"121211-02\", obsoleted_by:\"\", package:\"SUNWmctag\", version:\"2.2.2,REV=2005.01.09.23.05\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWmcon / SUNWmcos / SUNWmcosx / SUNWmctag\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-1681"], "description": "n.runs AG\r\nhttp://www.nruns.com/ security at\r\nnruns.com\r\nn.runs-SA-2007.007\r\n18-Apr-2007\r\n\r\n____________________________________________________________________________\r\n___\r\n\r\nVendor: Sun Microsystems, Inc., http://www.sun.com\r\nAffected Products: Solaris 10, Java Web Console 2.2.2 - 2.2.5\r\nVulnerability: Format string vulnerability\r\n\r\nRisk: HIGH\r\nCVE ID: CVE-2007-1681\r\nSun Alert ID: 102854\r\nSUN bug ID: 6505096\r\n\r\n\r\nVendor communication:\r\n\r\n2006/12/10 Initial notification of the Sun Security\r\nCoordination\r\n Team.\r\n2006/12/15 Sending reminder.\r\n2006/12/15 Sun provides feedback about the further procedure.\r\n2006/12/23 Sun confirms vulnerability and assigns bug ID.\r\n2007/02/06 Requesting update.\r\n2007/02/07 Sun provides feedback.\r\n Fix for the most recent version ready.\r\n2007/02/14 Sun informs n.runs that the fix for Sun Java Web\r\n Console 2.2.4 has been approved and will soon be\r\n integrated. Fixes were identified for all other\r\n vulnerable versions.\r\n2007/03/05 Requesting update.\r\n2007/03/07 Sun awaits patch generation and the start of\r\n testing cycles.\r\n2007/03/20 Sun informs n.runs that patches will be released for\r\n Solaris 10. Unbundled versions have to be upgraded\r\nto\r\n version 2.2.6.\r\n2007/03/25 Requesting Sun Alert draft.\r\n2007/03/31 Sun sends draft of Sun Alert. Patches have been\r\n completed and the upgrade release is in work.\r\n2007/04/14 Sun sents public disclosure date.\r\n\r\n\r\nSystems Affected:\r\n\r\nAccording to the Sun Security Coordination Team, Solaris 10 Operating\r\nSystem,\r\nSun Java Web Console 2.2.2, Sun Java Web Console 2.2.3, Sun Java Web Console\r\n2.2.4 and Sun Java Web Console 2.2.5 are affected.\r\n\r\nThe existence of the vulnerability was verified by n.runs on fully-patched\r\ninstallations of Solaris 10 6/06 on SPARC and x86 Platform running Sun Java\r\nWeb Console 2.2.4. \r\n\r\n\r\nOverview:\r\n\r\nA remote exploitable format string vulnerability has been identified in the\r\nin\r\nthe Sun Java Web Console [1].\r\n\r\n\r\nDescription:\r\n\r\nThe Sun Java Web Console is vulnerable to a format string vulnerability.\r\nThe root cause of the format string vulnerability lies in the logging of\r\nfailed\r\nlogins, therefore this vulnerability is exploitable by unauthenticated\r\nremote\r\nusers.\r\n\r\nThe vulnerability exists as the libc syslog function is called in\r\n/usr/lib/libwebconsole_services.so with two (2) instead of at least three\r\n(3)\r\narguments which enables an attacker to influence the message buffer.\r\n\r\n\r\nImpact:\r\n\r\nThe exploitation of this vulnerability may result in unauthorised remote\r\ncode\r\nexecution or cause a denial of service condition by crashing the Java Web\r\nConsole service.\r\n\r\n\r\nSolution:\r\n\r\nUpdate to Sun Java Web Console 2.2.6 or later.\r\nPatches for Solaris 10 were released by SUN Microsystems to address this\r\nissue,\r\na workaround designed by Sun Microsystems is available. [2]\r\n\r\n\r\nCredit: \r\n\r\nVulnerability found by Frank Dick of n.runs AG.\r\nAdditional credits to Felix Lindner of Sabre Labs GmbH for supporting the\r\nvulnerability research.\r\n\r\n\r\nReferences:\r\n\r\n[1] http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5kh?a=view\r\n[2] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1\r\n____________________________________________________________________________\r\n___\r\n\r\nUnaltered electronic reproduction of this advisory is permitted. For all\r\nother\r\nreproduction or publication, in printing or otherwise, contact\r\nsecurity@nruns.com for permission.\r\nUse of the advisory constitutes acceptance for use in an "as is" condition.\r\nAll warranties are excluded. In no event shall n.runs be liable for any\r\ndamages\r\nwhatsoever including direct, indirect, incidental, consequential, loss of\r\nbusiness profits or special damages, even if n.runs has been advised of the\r\npossibility of such damages.\r\n\r\nCopyright 2007 n.runs AG. All rights reserved. Terms of apply.\r\n\r\n", "edition": 1, "modified": "2007-04-18T00:00:00", "published": "2007-04-18T00:00:00", "id": "SECURITYVULNS:DOC:16745", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16745", "title": "n.runs-SA-2007.007 - Sun Solaris 10 - Format string vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-1681"], "description": "Format string vulnerability in libwebconsole_services.so on syslog() call.", "edition": 1, "modified": "2007-04-18T00:00:00", "published": "2007-04-18T00:00:00", "id": "SECURITYVULNS:VULN:7598", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7598", "title": "Sun Java web console format string vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}