Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARIS10_X86_139501-02.NASLHistoryMar 12, 2018 - 12:00 a.m.
Solaris 10 (x86) : 139501-02
2018-03-1200:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.007
Percentile
81.0%
SunOS 5.10_x86: openssl patch.
Date this patch was last updated by Sun : Feb/24/09
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(108014);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0046", "CVE-2009-0047", "CVE-2009-0048", "CVE-2009-0049", "CVE-2009-0124", "CVE-2009-0125", "CVE-2009-0127", "CVE-2009-0128", "CVE-2009-0130");
script_name(english:"Solaris 10 (x86) : 139501-02");
script_summary(english:"Check for patch 139501-02");
script_set_attribute(
attribute:"synopsis",
value:"The remote host is missing Sun Security Patch number 139501-02"
);
script_set_attribute(
attribute:"description",
value:
"SunOS 5.10_x86: openssl patch.
Date this patch was last updated by Sun : Feb/24/09"
);
script_set_attribute(
attribute:"see_also",
value:"https://download.oracle.com/sunalerts/1020011.1.html"
);
script_set_attribute(attribute:"solution", value:"Install patch 139501-02");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_cwe_id(20, 287);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138123");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138863");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139501");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
script_set_attribute(attribute:"patch_publication_date", value:"2009/02/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-commands", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-include", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-libraries", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
if (flag) {
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : solaris_get_report()
);
} else {
patch_fix = solaris_patch_fix_get();
if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
tested = solaris_pkg_tests_get();
if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcry / SUNWopenssl-commands / SUNWopenssl-include / etc");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0130
download.oracle.com/sunalerts/1020011.1.html
Related
nessus
nessus
RHEL 4 / 5 : ntp (RHSA-2009:0046)
2009-01-29 00:00:00
Solaris 10 (sparc) : 139500-04
2009-04-23 00:00:00
RHEL 2.1 / 3 / 4 / 5 : openssl (RHSA-2009:0004)
2009-01-08 00:00:00
cvelist
cvelist
ubuntucve
ubuntucve
prion
prion
Input validation
2009-01-15 17:30:00
Input validation
2009-01-07 18:30:00
Input validation
2009-01-15 17:30:00
nvd
nvd
cve
cve
openvas
openvas
Mandrake Security Advisory MDVSA-2009:271 (libnasl)
2009-10-19 00:00:00
Fedora Core 9 FEDORA-2009-0547 (ntp)
2009-01-26 00:00:00
OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL
2009-01-22 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ntp-4.2.4p6-1.fc9
2009-01-24 02:32:42
[SECURITY] Fedora 10 Update: ntp-4.2.4p6-1.fc10
2009-01-24 02:34:08
[SECURITY] Fedora 9 Update: tqsllib-2.0-5.fc9
2009-01-15 03:07:29
f5
f5
K9889 : NTP vulnerability CVE-2009-0021
2013-03-25 00:00:00
SOL9889 - NTP vulnerability CVE-2009-0021
2009-04-05 00:00:00
debiancve
debiancve
gentoo
gentoo
ntp: Certificate validation error
2009-04-05 00:00:00
securityvulns
securityvulns
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses
2009-01-09 00:00:00
centos
centos
ntp security update
2009-02-04 18:58:29
openssl, openssl096b, openssl097a security update
2009-01-07 22:28:50
veracode
veracode
Information Disclosure
2020-04-10 00:31:06
oraclelinux
oraclelinux
ntp security update
2009-01-29 00:00:00
redhat
redhat
(RHSA-2009:0046) Moderate: ntp security update
2009-01-29 00:00:00
debian
debian
[SECURITY] [DSA 1702-1] New ntp packages fix cryptographic weakness
2009-01-12 20:34:15
[SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness
2009-12-04 21:02:22
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness
2009-01-12 20:03:29
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:03.ntpd
2009-01-13 00:00:00
ubuntu
ubuntu
NTP vulnerability
2009-01-08 00:00:00
OpenSSL vulnerability
2009-01-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
seebug
seebug
OpenSSL 'EVP_VerifyFinal'ε½ζ°ηΎειͺθ―ζΌζ΄
2009-01-08 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.007
Percentile
81.0%
Related for SOLARIS10_X86_139501-02.NASL