CVE-2008-5685

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-21-114527-12-1	Patch
http://secunia.com/advisories/33158	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246746-1
http://securitytracker.com/id?1021392
http://www.securityfocus.com/bid/32805
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019814.1-1
http://www.vupen.com/english/advisories/2008/3440

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:sun:scapp:5.19:::::::*
	cpe:2.3:h:sun:scapp:5.20.0:::::::*
	cpe:2.3:h:sun:scapp:5.20.8:::::::*
	cpe:2.3:h:sun:scapp:5.20.9:::::::*
	cpe:2.3:h:sun:scapp:5.20.3:::::::*
	cpe:2.3:h:sun:scapp:5.20.4:::::::*
	cpe:2.3:h:sun:scapp:5.20.5:::::::*
	cpe:2.3:h:sun:scapp:5.20.1:::::::*
	cpe:2.3:h:sun:scapp:5.20.2:::::::*
	cpe:2.3:h:sun:scapp:5.20.10:::::::*
	cpe:2.3:h:sun:scapp:5.18:::::::*
	cpe:2.3:h:sun:scapp:5.20.6:::::::*
	cpe:2.3:h:sun:scapp:5.20.7:::::::*

OR	cpe:2.3:h:sun:sun_fire:e2900:::::::*
	cpe:2.3:h:sun:sun_fire:e4900:::::::*
	cpe:2.3:h:sun:sun_fire:3800:::::::*
	cpe:2.3:h:sun:sun_fire:4800:::::::*
	cpe:2.3:h:sun:netra:1280:::::::*
	cpe:2.3:h:sun:netra:1290:::::::*
	cpe:2.3:h:sun:sun_fire:e6900:::::::*
	cpe:2.3:h:sun:sun_fire:v1280:::::::*
	cpe:2.3:h:sun:sun_fire:4810:::::::*
	cpe:2.3:h:sun:sun_fire:6800:::::::*

Information

Published : 2008-12-19 09:30

Updated : 2011-03-07 19:14

NVD link : CVE-2008-5685

Mitre link : CVE-2008-5685

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

sun

scapp
netra
sun_fire

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-114527-12-1", "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-114527-12-1", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/33158", "name": "33158", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246746-1", "name": "246746", "tags": [], "refsource": "SUNALERT"}, {"url": "http://securitytracker.com/id?1021392", "name": "1021392", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/32805", "name": "32805", "tags": [], "refsource": "BID"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019814.1-1", "name": "1019814", "tags": [], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2008/3440", "name": "ADV-2008-3440", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5685", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-12-19T17:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:sun:scapp:5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:sun:scapp:5.20.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:sun:sun_fire:e2900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:e4900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:3800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:4800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:netra:1280:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:netra:1290:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:e6900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:v1280:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:4810:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:sun:sun_fire:6800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T03:14Z"}