Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2008-0965First vendor Publication2008-08-08
VendorCveLast vendor Modification2018-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0965

CWE : Common Weakness Enumeration

%idName
100 %CWE-134Uncontrolled Format String (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5742
 
Oval ID: oval:org.mitre.oval:def:5742
Title: Security Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic
Description: Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0965
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os450
Os6
Os3

OpenVAS Exploits

DateDescription
2009-06-03Name : Solaris Update for snoop 114262-05
File : nvt/gb_solaris_114262_05.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
47422Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Format S...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2008-08-28IAVM : 2008-T-0043 - Multiple Sun Solaris snoop Vulnerabilities
Severity : Category II - VMSKEY : V0017141

Nessus® Vulnerability Scanner

DateDescription
2008-08-17Name : The remote host is missing Sun Security Patch number 112915-06
File : solaris9_112915.nasl - Type : ACT_GATHER_INFO
2008-08-17Name : The remote host is missing Sun Security Patch number 114262-05
File : solaris9_x86_114262.nasl - Type : ACT_GATHER_INFO
2008-08-17Name : The remote host is missing Sun Security Patch number 108964-11
File : solaris8_108964.nasl - Type : ACT_GATHER_INFO
2008-08-17Name : The remote host is missing Sun Security Patch number 108965-11
File : solaris8_x86_108965.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/30556
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=735
SECTRACK http://www.securitytracker.com/id?1020633
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1
VUPEN http://www.vupen.com/english/advisories/2008/2311
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/44222
https://exchange.xforce.ibmcloud.com/vulnerabilities/44415

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
DateInformations
2018-10-31 00:19:51
  • Multiple Updates
2017-09-29 09:23:25
  • Multiple Updates
2017-08-08 09:23:52
  • Multiple Updates
2016-06-28 17:11:51
  • Multiple Updates
2016-04-27 09:29:04
  • Multiple Updates
2016-04-26 17:09:33
  • Multiple Updates
2014-02-17 10:43:52
  • Multiple Updates
2013-11-11 12:37:51
  • Multiple Updates
2013-05-11 00:10:11
  • Multiple Updates