CVE-2008-5685

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/33158	Vendor Advisory
http://securitytracker.com/id?1021392
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114527-12-1	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246746-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019814.1-1
http://www.securityfocus.com/bid/32805
http://www.vupen.com/english/advisories/2008/3440

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:sun:scapp:5.18:::::::*
	cpe:2.3:h:sun:scapp:5.19:::::::*
	cpe:2.3:h:sun:scapp:5.20.0:::::::*
	cpe:2.3:h:sun:scapp:5.20.1:::::::*
	cpe:2.3:h:sun:scapp:5.20.2:::::::*
	cpe:2.3:h:sun:scapp:5.20.3:::::::*
	cpe:2.3:h:sun:scapp:5.20.4:::::::*
	cpe:2.3:h:sun:scapp:5.20.5:::::::*
	cpe:2.3:h:sun:scapp:5.20.6:::::::*
	cpe:2.3:h:sun:scapp:5.20.7:::::::*
	cpe:2.3:h:sun:scapp:5.20.8:::::::*
	cpe:2.3:h:sun:scapp:5.20.9:::::::*
	cpe:2.3:h:sun:scapp:5.20.10:::::::*

OR	cpe:2.3:h:sun:netra:1280:::::::*
	cpe:2.3:h:sun:netra:1290:::::::*
	cpe:2.3:h:sun:sun_fire:3800:::::::*
	cpe:2.3:h:sun:sun_fire:4800:::::::*
	cpe:2.3:h:sun:sun_fire:4810:::::::*
	cpe:2.3:h:sun:sun_fire:6800:::::::*
	cpe:2.3:h:sun:sun_fire:e2900:::::::*
	cpe:2.3:h:sun:sun_fire:e4900:::::::*
	cpe:2.3:h:sun:sun_fire:e6900:::::::*
	cpe:2.3:h:sun:sun_fire:v1280:::::::*

History

No history.

Information

Published : 2008-12-19 17:30

Updated : 2011-03-08 03:14

NVD link : CVE-2008-5685

Mitre link : CVE-2008-5685

CVE.ORG link : CVE-2008-5685

JSON object : View

Products Affected

sun

scapp
sun_fire
netra

CWE

NVD-CWE-noinfo

{"id": "CVE-2008-5685", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-19T17:30:03.250", "references": [{"url": "http://secunia.com/advisories/33158", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1021392", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-114527-12-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246746-1", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019814.1-1", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32805", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3440", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets."}, {"lang": "es", "value": "Sun ScApp firmware 5.18.x, 5.19.x, y 5.20.0 hasta la 5.20.10 en plataformas Sun Fire y Netra permite a atacantes remotos acceder al Controlador del Sistema(SC), a la consola del sistema y, posiblemente, al sistema operativo anfitri\u00f3n, y causar una denegaci\u00f3n de servicio (mediante apagado o reinicio), a trav\u00e9s de paquetes con IPs falsas."}], "lastModified": "2011-03-08T03:14:57.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sun:scapp:5.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28A2551B-1787-40A5-AB51-6177A64AA46C"}, {"criteria": "cpe:2.3:h:sun:scapp:5.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25F877F4-682F-46D1-9F81-70C1FAF16A57"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E9C8979-3A8D-4805-90B9-FD20F5153651"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "189EF850-2D37-4290-AC8C-B858C7C40471"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D2BBB49-5C60-4D88-8007-F10697A04636"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F6DF9B4-1E0D-49DB-81EC-193E980334CB"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FF9935A-851D-4B79-B8C7-F98C08FD9F0B"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "316FCB5A-F03B-4D42-88D3-7CF75AB66CC0"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D474BDB0-23BD-48E9-AF53-14E45B5D6B4B"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E58F2F5B-C150-4A91-9E67-3A718D35E7E1"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF6CD6B-C732-45F1-ACE5-989CB62FBB2E"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C75370-48FF-4062-B82E-784DFE38E352"}, {"criteria": "cpe:2.3:h:sun:scapp:5.20.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5CFDC9-0FEB-47E4-B934-34594E11CCBE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sun:netra:1280:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78C85E7E-BE58-4E4F-8D3D-D9532C60A0FC"}, {"criteria": "cpe:2.3:h:sun:netra:1290:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD91C95B-01C7-4F4B-B3DB-5863389C4B62"}, {"criteria": "cpe:2.3:h:sun:sun_fire:3800:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91D5F2D6-D0BF-4D6A-AB19-5C1301D71E8A"}, {"criteria": "cpe:2.3:h:sun:sun_fire:4800:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D964A21B-E067-4D89-A5E0-339817CB8544"}, {"criteria": "cpe:2.3:h:sun:sun_fire:4810:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6759A24A-8ED7-4C60-92ED-2CE3D95DF6A3"}, {"criteria": "cpe:2.3:h:sun:sun_fire:6800:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F5F659A-CAA8-488C-8C67-B95984055803"}, {"criteria": "cpe:2.3:h:sun:sun_fire:e2900:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A7FBA86-D5E3-40CC-8B0E-19911A9053B2"}, {"criteria": "cpe:2.3:h:sun:sun_fire:e4900:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E6972D4-6DB6-4885-9083-7F79ED64CF04"}, {"criteria": "cpe:2.3:h:sun:sun_fire:e6900:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43826816-BA22-4BD9-9943-4924F9E5FDCE"}, {"criteria": "cpe:2.3:h:sun:sun_fire:v1280:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C258A35-787A-49FF-A7C4-39B11747EBF9"}], "operator": "OR"}], "operator": "AND"}], "evaluatorImpact": "Note: This issue only impacts systems that have a System Controller V2 without SSH enabled.", "sourceIdentifier": "cve@mitre.org"}