Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2006-08-01 |
| Product | Solaris | Last view | 2007-04-19 |
| Version | 10.0 | Type | Os |
| Update | hw2 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:sun:solaris | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2007-04-19 | CVE-2007-1681 | Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. |
| 5.8 | 2007-03-07 | CVE-2006-7140 | The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. |
| 6.6 | 2006-09-26 | CVE-2006-5012 | Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. |
| 7.2 | 2006-08-23 | CVE-2006-4319 | Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
| 5 | 2006-08-01 | CVE-2006-3968 | The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-96 | Block Access to Libraries |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 34902 | Sun Java Web Console libwebconsole_services.so Remote Format String |
| 29555 | Solaris RBAC format Command Local Overflow |
| 29153 | Solaris syslog Local DoS |
| 28549 | OpenSSL RSA Key PKCS #1 v1.5 Signature Forgery |
| 27719 | Sun Fire T2000 DSA Signature Verification Weakness |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-06-03 | Name : Solaris Update for /usr/sbin/format 113072-08 File : nvt/gb_solaris_113072_08.nasl |
| 2009-06-03 | Name : Solaris Update for format 114423-07 File : nvt/gb_solaris_114423_07.nasl |
| 2009-06-03 | Name : Solaris Update for Sun Java Web Console (Lockhart) 121211-02 File : nvt/gb_solaris_121211_02.nasl |
| 2009-06-03 | Name : Solaris Update for Sun Java Web Console (Lockhart) 121212-02 File : nvt/gb_solaris_121212_02.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Oracle Java Web Console logging functionality format string exploit attempt RuleID : 17109 - Type : SERVER-ORACLE - Revision : 5 |
| 2014-01-10 | Oracle Java web console format string attempt RuleID : 14615 - Type : SERVER-OTHER - Revision : 7 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-339-1.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 122715-03 File: solaris9_x86_122715.nasl - Type: ACT_GATHER_INFO |
| 2007-09-25 | Name: The remote host is missing Sun Security Patch number 117123-10 File: solaris9_117123.nasl - Type: ACT_GATHER_INFO |
| 2007-04-23 | Name: The remote web server is prone to a format string attack. File: sun_java_web_console_format_string.nasl - Type: ACT_GATHER_INFO |
| 2007-04-19 | Name: The remote host is missing Sun Security Patch number 121211-02 File: solaris10_121211.nasl - Type: ACT_GATHER_INFO |
| 2007-04-19 | Name: The remote host is missing Sun Security Patch number 121212-02 File: solaris10_x86_121212.nasl - Type: ACT_GATHER_INFO |
| 2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-177.nasl - Type: ACT_GATHER_INFO |
| 2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-178.nasl - Type: ACT_GATHER_INFO |
| 2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-207.nasl - Type: ACT_GATHER_INFO |
| 2006-12-16 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-161.nasl - Type: ACT_GATHER_INFO |
| 2006-11-06 | Name: The remote host is missing Sun Security Patch number 116648-25 File: solaris10_116648.nasl - Type: ACT_GATHER_INFO |
| 2006-11-06 | Name: The remote host is missing Sun Security Patch number 114045-14 File: solaris8_114045.nasl - Type: ACT_GATHER_INFO |
| 2006-11-06 | Name: The remote host is missing Sun Security Patch number 116648-25 File: solaris8_116648.nasl - Type: ACT_GATHER_INFO |
| 2006-11-06 | Name: The remote host is missing Sun Security Patch number 116648-25 File: solaris9_116648.nasl - Type: ACT_GATHER_INFO |
| 2006-11-06 | Name: The remote host is missing Sun Security Patch number 119209-36 File: solaris8_119209.nasl - Type: ACT_GATHER_INFO |
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1174.nasl - Type: ACT_GATHER_INFO |
| 2006-08-21 | Name: The remote host is missing Sun Security Patch number 114423-09 File: solaris9_x86_114423.nasl - Type: ACT_GATHER_INFO |
| 2006-08-04 | Name: The remote host is missing Sun Security Patch number 113072-08 File: solaris9_113072.nasl - Type: ACT_GATHER_INFO |
| 2006-07-03 | Name: The remote host is missing Sun Security Patch number 118833-36 File: solaris10_118833.nasl - Type: ACT_GATHER_INFO |
| 2006-02-19 | Name: The remote host is missing Sun Security Patch number 117351-61 File: solaris8_x86_117351.nasl - Type: ACT_GATHER_INFO |
| 2006-02-19 | Name: The remote host is missing Sun Security Patch number 117350-62 File: solaris8_117350.nasl - Type: ACT_GATHER_INFO |
| 2005-10-19 | Name: The remote host is missing Sun Security Patch number 119213-36 File: solaris10_119213.nasl - Type: ACT_GATHER_INFO |
| 2005-10-19 | Name: The remote host is missing Sun Security Patch number 119214-36 File: solaris10_x86_119214.nasl - Type: ACT_GATHER_INFO |
| 2005-10-05 | Name: The remote host is missing Sun Security Patch number 118558-39 File: solaris9_118558.nasl - Type: ACT_GATHER_INFO |
| 2005-10-05 | Name: The remote host is missing Sun Security Patch number 119211-36 File: solaris9_119211.nasl - Type: ACT_GATHER_INFO |
