Vulnerability Name:
CVE-2009-3937 (CCN-54252)
Assigned:
2009-11-10
Published:
2009-11-10
Updated:
2009-11-16
Summary:
Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through snv_126 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors involving tcp_sendmsg processing "ancillary data."
CVSS v3 Severity:
4.0 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Low
CVSS v2 Severity:
4.9 Medium
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
)
3.7 Low
(Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Complete
2.1 Low
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
)
1.6 Low
(CCN Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Partial
Vulnerability Type:
CWE-399
Vulnerability Consequences:
Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2009-3937
Source: CCN
Type: SECTRACK ID: 1023162
Solaris TCP Sockets Memory Leak Lets Local Users Deny Service
Source: CCN
Type: Sun Alert ID: 266488
Security Vulnerability in Solaris TCP sockets May Allow Unprivileged Users to Cause a Denial of Service (DoS) Condition
Source: SUNALERT
Type: UNKNOWN
266488
Source: MISC
Type: UNKNOWN
http://sunsolve.sun.com/search/document.do?assetkey=1-68-nv_osol0906u5-1
Source: CCN
Type: OSVDB ID: 60177
OpenSolaris TCP sockets tcp_sendmsg Ancillary Data Memory Consumption Local DoS
Source: BID
Type: UNKNOWN
36992
Source: CCN
Type: BID-36992
Sun Solaris TCP Sockets Local Denial Of Service Vulnerability
Source: SECTRACK
Type: UNKNOWN
1023162
Source: VUPEN
Type: Vendor Advisory
ADV-2009-3213
Source: XF
Type: UNKNOWN
opensolaris-tcp-dos(54252)
Vulnerable Configuration:
Configuration 1
:
cpe:/o:sun:opensolaris:snv_106:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_107:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_108:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_109:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_110:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_111:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_112:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_113:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_114:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_115:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_116:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_117:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_118:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_119:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_120:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_121:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_122:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_123:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_125:*:*:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:snv_126:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:sun:opensolaris:build_snv_106::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_106::x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_107::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_107::x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_108::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_109::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_110::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_108::x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_109::x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_110::x86:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_111::sparc:*:*:*:*:*
OR
cpe:/o:sun:opensolaris:build_snv_111::x86:*:*:*:*:*
Denotes that component is vulnerable
BACK
sun
opensolaris snv_106
sun
opensolaris snv_107
sun
opensolaris snv_108
sun
opensolaris snv_109
sun
opensolaris snv_110
sun
opensolaris snv_111
sun
opensolaris snv_112
sun
opensolaris snv_113
sun
opensolaris snv_114
sun
opensolaris snv_115
sun
opensolaris snv_116
sun
opensolaris snv_117
sun
opensolaris snv_118
sun
opensolaris snv_119
sun
opensolaris snv_120
sun
opensolaris snv_121
sun
opensolaris snv_122
sun
opensolaris snv_123
sun
opensolaris snv_124
sun
opensolaris snv_125
sun
opensolaris snv_126
sun
opensolaris build_snv_106
sun
opensolaris build_snv_106
sun
opensolaris build_snv_107
sun
opensolaris build_snv_107
sun
opensolaris build_snv_108
sun
opensolaris build_snv_109
sun
opensolaris build_snv_110
sun
opensolaris build_snv_108
sun
opensolaris build_snv_109
sun
opensolaris build_snv_110
sun
opensolaris build_snv_111
sun
opensolaris build_snv_111
Denotes that component is vulnerable