Vulnerability Name:

CVE-2008-1095 (CCN-40473)

Assigned:2008-02-08
Published:2008-02-08
Updated:2018-10-30
Summary:Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-264
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-1095

Source: CCN
Type: SA29100
Sun Solaris Firewall Security Bypass and Denial of Service

Source: SECUNIA
Type: Vendor Advisory
29100

Source: CCN
Type: SA29379
Avaya CMS Solaris Firewall Security Bypass and Denial of Service

Source: SECUNIA
Type: Vendor Advisory
29379

Source: CCN
Type: Sun Alert ID: 200183
Security Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) Condition

Source: SUNALERT
Type: Patch
200183

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-119.htm

Source: CCN
Type: OSVDB ID: 42155
Solaris ip(7P) Crafted Packets Firewall Security Policy Bypass

Source: CCN
Type: OSVDB ID: 42156
Solaris ip(7P) Crafted Packets Remote DoS

Source: BID
Type: Patch
27967

Source: CCN
Type: BID-27967
Sun Solaris Internet Protocol 'ip(7P)' Security Bypass and Denial Of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0645

Source: XF
Type: UNKNOWN
solaris-ip-dos(40473)

Source: XF
Type: UNKNOWN
solaris-ip-dos(40473)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5511

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:8:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.9:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5511
    V
    		Security Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) Condition
    2008-04-14
    BACK
    sun solaris 8
    sun solaris 9
    sun solaris 10
    sun sunos 5.8
    sun sunos 5.9
    sun sunos 5.10
    sun solaris 8
    sun solaris 8
    sun solaris 9
    sun solaris 10
    sun solaris 10
    sun solaris 9