Vulnerability Name:
CVE-2008-0965 (CCN-44415)
Assigned:
2008-08-05
Published:
2008-08-05
Updated:
2018-10-30
Summary:
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
7.3 High
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
5.9 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-134
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-0965
Source: IDEFENSE
Type: UNKNOWN
20080804 Solaris snoop SMB Decoding Multiple Format String Vulnerabilities
Source: CCN
Type: SA31386
Sun Solaris "snoop" Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
31386
Source: CCN
Type: SA31535
Avaya CMS Solaris "snoop" Multiple Vulnerabilities
Source: SECUNIA
Type: Vendor Advisory
31535
Source: CCN
Type: SECTRACK ID: 1020633
Solaris 'snoop' Utility Lets Remote Users Execute Arbitrary Code
Source: SUNALERT
Type: Vendor Advisory
240101
Source: CCN
Type: Sun Alert ID: 240101
Security Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic
Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm
Source: CCN
Type: ASA-2008-355
Security Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic (Sun 240101)
Source: CCN
Type: NORTEL BULLETIN ID: 2008009062, Rev 1
Nortel Response to Sun Alert 240101 - Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic
Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=766935
Source: CCN
Type: OSVDB ID: 47422
Solaris snoop(1M) SMB Traffic Monitoring Multiple Unspecified Remote Format Strings
Source: BID
Type: UNKNOWN
30556
Source: CCN
Type: BID-30556
Sun Solaris 'snoop(1M)' Utility Multiple Remote Vulnerabilities
Source: SECTRACK
Type: UNKNOWN
1020633
Source: VUPEN
Type: Vendor Advisory
ADV-2008-2311
Source: XF
Type: UNKNOWN
sun-solaris-snoop1m-command-execution(44222)
Source: XF
Type: UNKNOWN
solaris-snoop1m-format-string(44415)
Source: XF
Type: UNKNOWN
solaris-snoop1m-format-string(44415)
Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 08.04.08
Solaris snoop SMB Decoding Multiple Format String Vulnerabilities
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5742
Vulnerable Configuration:
Configuration 1
:
cpe:/o:sun:opensolaris:*:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:*:*:sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:*:*:x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_01:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_02:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_13:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_19:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_22:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_64:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_88:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_89:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_91:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_92:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:*:*:*:*:*:*:*:*
(Version <= build_snv_95)
OR
cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:8:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*
OR
cpe:/o:sun:sunos:5.10:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:sun:solaris:8::x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:9::x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:10::x86:*:*:*:*:*
OR
cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.mitre.oval:def:5742
V
Security Vulnerability in Solaris snoop(1M) when Displaying SMB Traffic
2008-09-22
BACK
sun
opensolaris *
sun
opensolaris *
sun
opensolaris *
sun
opensolaris build_snv_01
sun
opensolaris build_snv_02
sun
opensolaris build_snv_13
sun
opensolaris build_snv_19
sun
opensolaris build_snv_22
sun
opensolaris build_snv_64
sun
opensolaris build_snv_88
sun
opensolaris build_snv_89
sun
opensolaris build_snv_91
sun
opensolaris build_snv_92
sun
opensolaris *
sun
solaris 8
sun
solaris 8
sun
solaris 9
sun
solaris 9
sun
solaris 10
sun
solaris 10
sun
sunos 5.8
sun
sunos 5.9
sun
sunos 5.10
sun
solaris 8
sun
solaris 8
sun
solaris 9
sun
solaris 10
sun
solaris 10
sun
solaris 9
sun
opensolaris build_snv_95
sun
opensolaris build_snv_95
Denotes that component is vulnerable