Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.SOLARIS11_LDOMS_20150714.NASL
HistoryJul 16, 2015 - 12:00 a.m.

Oracle Solaris Critical Patch Update : ldoms (SRU11_2_11_5_0)

2015-07-1600:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
44

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

46.1%

JSON

The remote Solaris system is missing necessary patches to address an unspecified flaw that exists in the LDOM Manager subcomponent of Oracle VM Server for SPARC. A remote, unauthenticated attacker can exploit this, via multiple protocols, to cause a denial of service condition.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle CPU for jul2015.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84807);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2015-4750");
  script_bugtraq_id(75862);

  script_name(english:"Oracle Solaris Critical Patch Update : ldoms (SRU11_2_11_5_0)");
  script_summary(english:"Check for the jul2015 CPU and ldoms.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Solaris system is missing a security patch from the July
2015 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"description", value:
"The remote Solaris system is missing necessary patches to address
an unspecified flaw that exists in the LDOM Manager subcomponent of
Oracle VM Server for SPARC. A remote, unauthenticated attacker can
exploit this, via multiple protocols, to cause a denial of service
condition.");
  # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/2368792.xml
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?178c8ed1");
  # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d18c2a85");
  script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=20018633.1");
  script_set_attribute(attribute:"see_also", value:"https://support.oracle.com/rs?type=doc&id=2018633.1");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2015 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");

pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");

if (empty_or_null(egrep(string:pkg_list, pattern:"^ldoms$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "ldoms");

fix_release = "0.5.11-0.175.2.11.0.5.0";

flag = 0;

if (solaris_check_release(release:fix_release, sru:"11.2.11.5.0") > 0) flag++;

if (flag)
{
  error_extra = 'Affected package : ldoms\n' + solaris_get_report2();
  error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
  if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "ldoms");

Related

nessus 1
cve 1
prion 1
nvd 1
cvelist 1
ibm 1
securityvulns 1
oracle 1
nessus
nessus
Solaris 10 (sparc) : 151934-04 (deprecated)
2015-06-16 00:00:00
cve
cve
CVE-2015-4750
2015-07-16 11:00:44
prion
prion
Design/Logic Flaw
2015-07-16 11:00:00
nvd
nvd
CVE-2015-4750
2015-07-16 11:00:44
cvelist
cvelist
CVE-2015-4750
2015-07-16 10:00:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM License Metric Tool 7.5 and IBM Tivoli Asset Discovery for Distributed 7.5 (CVE-2015-7450)
2021-04-26 21:17:25
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.001

Percentile

46.1%

JSON
Related for SOLARIS11_LDOMS_20150714.NASL
nessus1cve1prion1nvd1cvelist1ibm1securityvulns1oracle1