Sign-up

ID

VAR-200607-0465


CVE

CVE-2006-3825


TITLE

Sun Solaris IPv Protocol Execution Routing Table Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-5684 // CNNVD: CNNVD-200607-426

DESCRIPTION

The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. Sun's Internet Protocol implementation is prone to a routing-table-bypass vulnerability. This vulnerability occurs because the kernel fails to secure that network traffic is routed only to addresses configured in the system's routing table. A successful exploit may allow an attacker to bypass the system's routing-table configuration to redirect traffic to unauthorized addresses. This may allow an attacker to access unauthorized hosts and services by bypassing firewalls. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. The vulnerability is caused due to an error in the IP implementation, which makes it possible to bypass the routing table and send packets to/through an on-link router other than the defined one. The vulnerability affects Solaris 10 with patches 118833-06 through 118833-17 (SPARC) or patches 118855-04 through 118855-14 (x86). SOLUTION: Apply patches. -- SPARC Platform -- Solaris 10: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118833-18-1 -- x86 Platform -- Solaris 10: http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118855-15-1 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-3825 // JVNDB: JVNDB-2006-000440 // CNVD: CNVD-2006-5684 // BID: 19108 // PACKETSTORM: 48499

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-5684

AFFECTED PRODUCTS

vendor:sunmodel:solarisscope:eqversion:10.0

Trust: 1.9

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:solarismodel:sun 10.0::sparcscope: - version: -

Trust: 0.6

vendor:sunmodel:solaris 10.0 x86scope: - version: -

Trust: 0.3

vendor:avayamodel:interactive responsescope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2006-5684 // BID: 19108 // JVNDB: JVNDB-2006-000440 // CNNVD: CNNVD-200607-426 // NVD: CVE-2006-3825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3825
value: LOW

Trust: 1.0

NVD: CVE-2006-3825
value: LOW

Trust: 0.8

CNVD: CNVD-2006-5684
value: LOW

Trust: 0.6

CNNVD: CNNVD-200607-426
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2006-3825
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-5684
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-5684 // JVNDB: JVNDB-2006-000440 // CNNVD: CNNVD-200607-426 // NVD: CVE-2006-3825

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3825

THREAT TYPE

local

Trust: 1.0

sources: BID: 19108 // PACKETSTORM: 48499 // CNNVD: CNNVD-200607-426

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200607-426

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-000440

PATCH
title:102509url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1
Trust: 0.8
title:102509url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-3
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-000440

EXTERNAL IDS
db:NVDid:CVE-2006-3825
Trust: 3.3
db:BIDid:19108
Trust: 2.5
db:SECUNIAid:21163
Trust: 2.5
db:VUPENid:ADV-2006-2937
Trust: 1.6
db:JVNDBid:JVNDB-2006-000440
Trust: 0.8
db:CNVDid:CNVD-2006-5684
Trust: 0.6
db:XFid:27935
Trust: 0.6
db:SUNALERTid:102509
Trust: 0.6
db:CNNVDid:CNNVD-200607-426
Trust: 0.6
db:PACKETSTORMid:48499
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-5684 // 
            
            
            
            BID: 19108 // 
            
            
            
            JVNDB: JVNDB-2006-000440 // 
            
            
            
            PACKETSTORM: 48499 // 
            
            
            
            CNNVD: CNNVD-200607-426 // 
            
            
            
            NVD: CVE-2006-3825

REFERENCES
url:http://www.securityfocus.com/bid/19108
Trust: 2.2
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1
Trust: 1.7
url:http://secunia.com/advisories/21163
Trust: 1.6
url:http://www.vupen.com/english/advisories/2006/2937
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27935
Trust: 1.0
url:http://secunia.com/advisories/21163/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3825
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-3825
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/27935
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/2937
Trust: 0.6
url:http://support.avaya.com/elmodocs2/security/asa-2006-181.htm
Trust: 0.3
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1&searchclause=
Trust: 0.3
url:http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118833-18-1
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/4813/
Trust: 0.1
url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/
Trust: 0.1
url:http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118855-15-1
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-5684 // 
            
            
            
            BID: 19108 // 
            
            
            
            JVNDB: JVNDB-2006-000440 // 
            
            
            
            PACKETSTORM: 48499 // 
            
            
            
            CNNVD: CNNVD-200607-426 // 
            
            
            
            NVD: CVE-2006-3825

CREDITS
The vendor disclosed this issue.
Trust: 0.9
sources:
            
            
            BID: 19108 // 
            
            
            
            CNNVD: CNNVD-200607-426

SOURCES
db:CNVDid:CNVD-2006-5684
db:BIDid:19108
db:JVNDBid:JVNDB-2006-000440
db:PACKETSTORMid:48499
db:CNNVDid:CNNVD-200607-426
db:NVDid:CVE-2006-3825

LAST UPDATE DATE
2024-08-14T14:53:32.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-5684date:2006-07-25T00:00:00
db:BIDid:19108date:2007-06-27T03:48:00
db:JVNDBid:JVNDB-2006-000440date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200607-426date:2006-07-26T00:00:00
db:NVDid:CVE-2006-3825date:2017-07-20T01:32:37.460

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-5684date:2006-07-25T00:00:00
db:BIDid:19108date:2006-07-21T00:00:00
db:JVNDBid:JVNDB-2006-000440date:2007-04-01T00:00:00
db:PACKETSTORMid:48499date:2006-07-26T05:33:34
db:CNNVDid:CNNVD-200607-426date:2006-07-25T00:00:00
db:NVDid:CVE-2006-3825date:2006-07-25T13:22:00