ID

VAR-201107-0156


CVE

CVE-2011-2299


TITLE

Vulnerability in XSCF Control Package (XCP) processing in Oracle SPARC Enterprise M Series

Trust: 0.8

sources: JVNDB: JVNDB-2011-002030

DESCRIPTION

Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP). A denial-of-service (DoS) attack may be carried out. Sun SPARC Enterprise Server is a blade enterprise server. Oracle Sun SPARC Enterprise M Series is prone to a remote vulnerability. The vulnerability can be exploited over the 'SSH' protocol. The 'XSCF Control Package (XCP)' subcomponent is affected. This vulnerability affects the following supported versions: XCP 1101 or earlier.

----------------------------------------------------------------------

TITLE: SPARC Enterprise M Series XSCF Control Package Vulnerability

SECUNIA ADVISORY ID: SA45314

VERIFY ADVISORY: http://secunia.com/advisories/45314/

RELEASE DATE: 2011-07-23

DESCRIPTION: A vulnerability has been reported in SPARC Enterprise M Series, which can be exploited by malicious people to compromise a vulnerable device.

SOLUTION: Apply updates.

PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for July 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html#AppendixSUNS

Trust: 2.52

sources: NVD: CVE-2011-2299 // JVNDB: JVNDB-2011-002030 // CNVD: CNVD-2011-2800 // BID: 48758 // PACKETSTORM: 103287

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-2800

AFFECTED PRODUCTS

vendor: oracle, model: sparc enterprise m5000 server, scope: eq, version: -

Trust: 1.6

vendor: oracle, model: sparc enterprise m4000 server, scope: eq, version: -

Trust: 1.6

vendor: oracle, model: sparc enterprise m8000 server, scope: eq, version: -

Trust: 1.6

vendor: oracle, model: sparc enterprise m9000 server, scope: eq, version: -

Trust: 1.6

vendor: oracle, model: sparc enterprise m3000 server, scope: eq, version: -

Trust: 1.6

vendor: oracle, model: xcp, scope: lte, version: 1100

Trust: 1.0

vendor: oracle, model: sparc enterprise m3000 server, scope: -, version: -

Trust: 0.8

vendor: oracle, model: sparc enterprise m4000 server, scope: -, version: -

Trust: 0.8

vendor: oracle, model: sparc enterprise m5000 server, scope: -, version: -

Trust: 0.8

vendor: oracle, model: sparc enterprise m8000 server, scope: -, version: -

Trust: 0.8

vendor: oracle, model: sparc enterprise m9000 server, scope: -, version: -

Trust: 0.8

vendor: oracle, model: xcp, scope: lte, version: 1101

Trust: 0.8

vendor: oracle, model: sun sparc enterprise server m series, scope: -, version: -

Trust: 0.6

vendor: oracle, model: xcp, scope: eq, version: 1100

Trust: 0.6

vendor: sun, model: xcp, scope: eq, version: 1101

Trust: 0.3

vendor: sun, model: xcp, scope: eq, version: 1050

Trust: 0.3

vendor: sun, model: xcp, scope: eq, version: 1040

Trust: 0.3

vendor: sun, model: sparc enterprise m9000 server cpu, scope: eq, version: 64

Trust: 0.3

vendor: sun, model: sparc enterprise m9000 server cpu, scope: eq, version: 32

Trust: 0.3

vendor: sun, model: sparc enterprise m8000 server, scope: -, version: -

Trust: 0.3

vendor: sun, model: sparc enterprise m5000 server, scope: -, version: -

Trust: 0.3

vendor: sun, model: sparc enterprise m4000 server, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2011-2800 // BID: 48758 // JVNDB: JVNDB-2011-002030 // CNNVD: CNNVD-201107-306 // NVD: CVE-2011-2299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2299
value: HIGH

Trust: 1.0

NVD: CVE-2011-2299
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-306
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2011-2299
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-002030 // CNNVD: CNNVD-201107-306 // NVD: CVE-2011-2299

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-2299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-306

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201107-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002030

PATCH

title: cpujuly2011-313328, url: http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

Trust: 0.8

title: july_2011_critical_patch_update, url: http://blogs.oracle.com/security/entry/july_2011_critical_patch_update

Trust: 0.8

title: TA11-201A, url: http://software.fujitsu.com/jp/security/vulnerabilities/ta11-201a.html

Trust: 0.8

title: Patch for SPARC Enterprise M Series XSCF Control Pack Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/4530

Trust: 0.6

sources: CNVD: CNVD-2011-2800 // JVNDB: JVNDB-2011-002030

EXTERNAL IDS

db: NVD, id: CVE-2011-2299

Trust: 3.3

db: USCERT, id: TA11-201A

Trust: 1.8

db: SECUNIA, id: 45314

Trust: 1.3

db: SECTRACK, id: 1025797

Trust: 0.8

db: JVNDB, id: JVNDB-2011-002030

Trust: 0.8

db: CNVD, id: CNVD-2011-2800

Trust: 0.6

db: CNNVD, id: CNNVD-201107-306

Trust: 0.6

db: BID, id: 48758

Trust: 0.3

db: PACKETSTORM, id: 103287

Trust: 0.1

sources: CNVD: CNVD-2011-2800 // BID: 48758 // JVNDB: JVNDB-2011-002030 // PACKETSTORM: 103287 // CNNVD: CNNVD-201107-306 // NVD: CVE-2011-2299

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

Trust: 1.9

url:http://www.us-cert.gov/cas/techalerts/ta11-201a.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2299

Trust: 0.8

url:http://jvn.jp/cert/jvnta11-201a

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2299

Trust: 0.8

url:http://www.securitytracker.com/id/1025797

Trust: 0.8

url:http://secunia.com/advisories/45314/

Trust: 0.7

url:http://secunia.com/advisories/45314

Trust: 0.6

url:http://secunia.com/advisories/45314/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html#appendixsuns

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45314

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-2800 // BID: 48758 // JVNDB: JVNDB-2011-002030 // PACKETSTORM: 103287 // CNNVD: CNNVD-201107-306 // NVD: CVE-2011-2299

CREDITS

Oracle

Trust: 0.3

sources: BID: 48758

SOURCES

db: CNVD, id: CNVD-2011-2800
db: BID, id: 48758
db: JVNDB, id: JVNDB-2011-002030
db: PACKETSTORM, id: 103287
db: CNNVD, id: CNNVD-201107-306
db: NVD, id: CVE-2011-2299

LAST UPDATE DATE

2025-01-14T19:36:29.898000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-2800, date: 2011-07-22T00:00:00
db: BID, id: 48758, date: 2011-07-19T00:00:00
db: JVNDB, id: JVNDB-2011-002030, date: 2011-08-04T00:00:00
db: CNNVD, id: CNNVD-201107-306, date: 2011-07-21T00:00:00
db: NVD, id: CVE-2011-2299, date: 2024-11-21T01:27:58.337

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2011-2800, date: 2011-07-22T00:00:00
db: BID, id: 48758, date: 2011-07-19T00:00:00
db: JVNDB, id: JVNDB-2011-002030, date: 2011-08-04T00:00:00
db: PACKETSTORM, id: 103287, date: 2011-07-23T05:55:16
db: CNNVD, id: CNNVD-201107-306, date: 2011-07-21T00:00:00
db: NVD, id: CVE-2011-2299, date: 2011-07-21T00:55:02.223