Executive Summary
Summary | |
---|---|
Title | Sun Alert 259468 Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution |
Information | |||
---|---|---|---|
Name | SUN-259468 | First vendor Publication | 2009-05-22 |
Vendor | Sun | Last vendor Modification | 2009-05-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Product: Solaris 8 Operating System, Solaris 9 Operating System

On Solaris 8 and 9 heap and integer overflow vulnerabilities in the Solaris sadmind(1M) daemon

Sun acknowledges with thanks Secunia Research for bringing these issues to our attention.

These issues are also described in the following documents: CVE-2008-3870 at http://www.security-database.com/detail.php?cve=CVE-2008-3870

State: Resolved
First released: 22-May-2009
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_259468_multiple_vulnerabilities |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5347 | |||
Oval ID: | oval:org.mitre.oval:def:5347 | ||
Title: | Heap-based Buffer Overflow Vulnerability in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution | ||
Description: | Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3869 | Version: | 3 |
Platform(s): | Sun Solaris 8, Sun Solaris 9 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6092 | |||
Oval ID: | oval:org.mitre.oval:def:6092 | ||
Title: | Integer Overflow Vulnerability in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution | ||
Description: | Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3870 | Version: | 3 |
Platform(s): | Sun Solaris 8, Sun Solaris 9 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for sadmind 116453-03 File : nvt/gb_solaris_116453_03.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116442-02 File : nvt/gb_solaris_116442_02.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116454-03 File : nvt/gb_solaris_116454_03.nasl |
2009-09-23 | Name : Solaris Update for sadmind 116455-02 File : nvt/gb_solaris_116455_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54668 | Solaris sadmind Crafted RPC Request Remote Overflow |
54663 | Solaris sadmind RPC Request Parameter Decoding Remote Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-05-28 | IAVM : 2009-T-0028 - Multiple Buffer Overflow Vulnerabilities in Sun Solaris Severity : Category II - VMSKEY : V0019230 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle Solaris sadmind TCP data length integer overflow attempt RuleID : 16797 - Revision : 10 - Type : PROTOCOL-RPC |
2014-01-10 | Oracle Solaris sadmind UDP data length integer overflow attempt RuleID : 16796 - Revision : 10 - Type : PROTOCOL-RPC |
2014-01-10 | Oracle Solaris sadmind TCP array size buffer overflow attempt RuleID : 16706 - Revision : 8 - Type : PROTOCOL-RPC |
2014-01-10 | Oracle Solaris sadmind UDP array size buffer overflow attempt RuleID : 16705 - Revision : 8 - Type : PROTOCOL-RPC |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-07-12 | Name : The remote host is missing Sun Security Patch number 116455-01 File : solaris8_116455.nasl - Type : ACT_GATHER_INFO |