Sign-up

ID

VAR-201310-0152


CVE

CVE-2013-3838


TITLE

Sun System Firmware Run in Oracle SPARC Enterprise T & M In series server Sun System Firmware/Hypervisor Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004682

DESCRIPTION

Unspecified vulnerability in Oracle SPARC Enterprise T & M Series Servers running Sun System Firmware before 6.7.13 for SPARC T1, 7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5 and 9.0.1.e for SPARC M5 allows local users to affect availability via unknown vectors related to Sun System Firmware/Hypervisor. Oracle Sun Products Suite is prone to a local security vulnerability. The 'Sun System Firmware/Hypervisor' sub component is affected. This vulnerability affects the following supported versions: Sun System Firmware before 6.7.13, 7.4.6.c, 8.3.0.b, 9.0.0.d and 9.0.1.e. A local attacker could exploit this vulnerability to cause a denial of service (the operating system hangs or crashes), affecting data availability

Trust: 1.98

sources: NVD: CVE-2013-3838 // JVNDB: JVNDB-2013-004682 // BID: 63086 // VULHUB: VHN-63840

AFFECTED PRODUCTS

vendor:oraclemodel:sparc t4-1bscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sun systemscope:lteversion:7.4.6

Trust: 1.0

vendor:oraclemodel:sparc t3-4scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc t4-1scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc t3-2scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc t3-1scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc t4-4scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc enterprise m9000 serverscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sun systemscope:lteversion:9.0.1

Trust: 1.0

vendor:oraclemodel:sparc t3-3scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sun systemscope:lteversion:9.0.0

Trust: 1.0

vendor:oraclemodel:sparc t4-2scope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sun systemscope:lteversion:6.7.12

Trust: 1.0

vendor:oraclemodel:sun systemscope:lteversion:8.3.0

Trust: 1.0

vendor:oraclemodel:sparc t3-1bscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc enterprise m8000 serverscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:sparc m5scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t3-1scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t3-1bscope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t3-2scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t3-3scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t3-4scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t4-1scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t4-1bscope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t4-2scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t4-4scope: - version: -

Trust: 0.8

vendor:oraclemodel:sparc t5scope: - version: -

Trust: 0.8

vendor:oraclemodel:sun systemscope:ltversion:6.7.13 (sparc t1)

Trust: 0.8

vendor:oraclemodel:sun systemscope:ltversion:7.4.6.c (sparc t2)

Trust: 0.8

vendor:oraclemodel:sun systemscope:ltversion:8.3.0.b (sparc t3 and t4)

Trust: 0.8

vendor:oraclemodel:sun systemscope:ltversion:9.0.0.d (sparc t5)

Trust: 0.8

vendor:oraclemodel:sun systemscope:ltversion:9.0.1.e (sparc m5)

Trust: 0.8

vendor:oraclemodel:sun systemscope:eqversion:7.4.6

Trust: 0.6

vendor:oraclemodel:sun systemscope:eqversion:8.3.0

Trust: 0.6

vendor:oraclemodel:sun systemscope:eqversion:9.0.1

Trust: 0.6

vendor:oraclemodel:sun systemscope:eqversion:6.7.12

Trust: 0.6

vendor:oraclemodel:sun systemscope:eqversion:9.0.0

Trust: 0.6

vendor:avayamodel:irscope:eqversion:4.0

Trust: 0.3

sources: BID: 63086 // JVNDB: JVNDB-2013-004682 // CNNVD: CNNVD-201310-338 // NVD: CVE-2013-3838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3838
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3838
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-338
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63840
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3838
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63840
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63840 // JVNDB: JVNDB-2013-004682 // CNNVD: CNNVD-201310-338 // NVD: CVE-2013-3838

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-3838

THREAT TYPE

local

Trust: 0.9

sources: BID: 63086 // CNNVD: CNNVD-201310-338

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201310-338

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004682

PATCH
title:Oracle Critical Patch Update Advisory - October 2013url:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2013 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpuoct2013verbose-1899842.html
Trust: 0.8
title:October 2013 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/october_2013_critical_patch_update
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004682

EXTERNAL IDS
db:NVDid:CVE-2013-3838
Trust: 2.8
db:JVNDBid:JVNDB-2013-004682
Trust: 0.8
db:CNNVDid:CNNVD-201310-338
Trust: 0.7
db:BIDid:63086
Trust: 0.4
db:VULHUBid:VHN-63840
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63840 // 
            
            
            
            BID: 63086 // 
            
            
            
            JVNDB: JVNDB-2013-004682 // 
            
            
            
            CNNVD: CNNVD-201310-338 // 
            
            
            
            NVD: CVE-2013-3838

REFERENCES
url:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3838
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3838
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://downloads.avaya.com/css/p8/documents/100176277
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63840 // 
            
            
            
            BID: 63086 // 
            
            
            
            JVNDB: JVNDB-2013-004682 // 
            
            
            
            CNNVD: CNNVD-201310-338 // 
            
            
            
            NVD: CVE-2013-3838

CREDITS
Oracle
Trust: 0.3
sources:
            
            
            BID: 63086

SOURCES
db:VULHUBid:VHN-63840
db:BIDid:63086
db:JVNDBid:JVNDB-2013-004682
db:CNNVDid:CNNVD-201310-338
db:NVDid:CVE-2013-3838

LAST UPDATE DATE
2025-04-11T23:20:34.366000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63840date:2013-10-16T00:00:00
db:BIDid:63086date:2015-03-19T09:30:00
db:JVNDBid:JVNDB-2013-004682date:2013-10-17T00:00:00
db:CNNVDid:CNNVD-201310-338date:2013-10-18T00:00:00
db:NVDid:CVE-2013-3838date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63840date:2013-10-16T00:00:00
db:BIDid:63086date:2013-10-15T00:00:00
db:JVNDBid:JVNDB-2013-004682date:2013-10-17T00:00:00
db:CNNVDid:CNNVD-201310-338date:2013-10-18T00:00:00
db:NVDid:CVE-2013-3838date:2013-10-16T15:55:33.990