Details of VAR-200712-0076

ID

VAR-200712-0076

CVE

CVE-2007-6360

TITLE

Sun XSCF XCP Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-006425

DESCRIPTION

Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion. (1) telnet Network traffic (2) ssh Network traffic (3) http Network traffic. Sun XSCF Control Package (XCP) firmware for SPARC is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to deny service to legitimate users. Versions prior to XCP 1050 are vulnerable. is an XSCF control software package used in servers such as SPARC Enterprise M4000 by Oracle Corporation of the United States. The following products are affected: Oracle SPARC Enterprise M4000, M5000, M8000, M9000 servers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerabilities are caused due to unspecified errors within telnet, Secure Shell (SSH), and httpd daemons of the firmware, which can be exploited to cause a DoS. SOLUTION: Update to XCP version 1050 or later. http://www.sun.com/download/products.xml?id=46fc425e PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103159-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6360 // JVNDB: JVNDB-2007-006425 // BID: 26712 // VULHUB: VHN-29722 // PACKETSTORM: 61485

AFFECTED PRODUCTS

vendor:	sun	model:	extended system control facility xcp 1040	scope:	eq	version:	*	Trust: 1.0
vendor:	sun microsystems	model:	extended system control facility xcp 1040	scope:	-	version:	-	Trust: 0.8
vendor:	sun	model:	sparc enterprise server	scope:	eq	version:	m4000	Trust: 0.6
vendor:	sun	model:	sparc enterprise server	scope:	eq	version:	m5000	Trust: 0.6
vendor:	sun	model:	sparc enterprise server	scope:	eq	version:	m8000	Trust: 0.6
vendor:	sun	model:	sparc enterprise server	scope:	eq	version:	m9000	Trust: 0.6
vendor:	sun	model:	xcp	scope:	eq	version:	1040	Trust: 0.3
vendor:	sun	model:	xcp	scope:	ne	version:	1050	Trust: 0.3

sources: BID: 26712 // JVNDB: JVNDB-2007-006425 // CNNVD: CNNVD-201504-483 // NVD: CVE-2007-6360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6360
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-6360
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-483
value:	HIGH
Trust: 0.6
VULHUB:	VHN-29722
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-6360
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29722
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29722 // JVNDB: JVNDB-2007-006425 // CNNVD: CNNVD-201504-483 // NVD: CVE-2007-6360

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-6360

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-483

TYPE

Unknown

Trust: 0.3

sources: BID: 26712

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006425

PATCH

title:

Sun Alert 103159

url:

https://blogs.oracle.com/sunsecurity/entry/sun_alert_103159_security_vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-006425

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6360	Trust: 2.8
db:	BID	id:	26712	Trust: 2.0
db:	SECUNIA	id:	27926	Trust: 1.2
db:	SECTRACK	id:	1019048	Trust: 1.1
db:	OSVDB	id:	40842	Trust: 1.1
db:	OSVDB	id:	40844	Trust: 1.1
db:	OSVDB	id:	40843	Trust: 1.1
db:	VUPEN	id:	ADV-2007-4098	Trust: 1.1
db:	JVNDB	id:	JVNDB-2007-006425	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-483	Trust: 0.6
db:	VULHUB	id:	VHN-29722	Trust: 0.1
db:	PACKETSTORM	id:	61485	Trust: 0.1

sources: VULHUB: VHN-29722 // BID: 26712 // JVNDB: JVNDB-2007-006425 // PACKETSTORM: 61485 // CNNVD: CNNVD-201504-483 // NVD: CVE-2007-6360

REFERENCES

url:	http://www.securityfocus.com/bid/26712	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103159-1	Trust: 1.5
url:	http://osvdb.org/40842	Trust: 1.1
url:	http://osvdb.org/40843	Trust: 1.1
url:	http://osvdb.org/40844	Trust: 1.1
url:	http://securitytracker.com/id?1019048	Trust: 1.1
url:	http://secunia.com/advisories/27926	Trust: 1.1
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201333-1	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4098	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38860	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6360	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6360	Trust: 0.8
url:	http://www.sun.com	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://www.sun.com/download/products.xml?id=46fc425e	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/16788/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/27926/	Trust: 0.1

sources: VULHUB: VHN-29722 // BID: 26712 // JVNDB: JVNDB-2007-006425 // PACKETSTORM: 61485 // CNNVD: CNNVD-201504-483 // NVD: CVE-2007-6360

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 26712

SOURCES

db:	VULHUB	id:	VHN-29722
db:	BID	id:	26712
db:	JVNDB	id:	JVNDB-2007-006425
db:	PACKETSTORM	id:	61485
db:	CNNVD	id:	CNNVD-201504-483
db:	NVD	id:	CVE-2007-6360

LAST UPDATE DATE

2024-11-23T22:39:44.038000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29722	date:	2017-08-08T00:00:00
db:	BID	id:	26712	date:	2015-05-07T17:34:00
db:	JVNDB	id:	JVNDB-2007-006425	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201504-483	date:	2015-04-24T00:00:00
db:	NVD	id:	CVE-2007-6360	date:	2024-11-21T00:39:57.737

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29722	date:	2007-12-15T00:00:00
db:	BID	id:	26712	date:	2007-12-05T00:00:00
db:	JVNDB	id:	JVNDB-2007-006425	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	61485	date:	2007-12-05T20:05:44
db:	CNNVD	id:	CNNVD-201504-483	date:	2007-12-05T00:00:00
db:	NVD	id:	CVE-2007-6360	date:	2007-12-15T01:46:00