ID CVE-2009-4075
Summary Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10:-:x86
    cpe:2.3:o:sun:solaris:10:-:x86
  • cpe:2.3:o:sun:solaris:10:-:sparc
    cpe:2.3:o:sun:solaris:10:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_99:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_99:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_99:-:x86
    cpe:2.3:o:sun:opensolaris:snv_99:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_100:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_100:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_100:-:x86
    cpe:2.3:o:sun:opensolaris:snv_100:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_101:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_101:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_101:-:x86
    cpe:2.3:o:sun:opensolaris:snv_101:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_102:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_102:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_102:-:x86
    cpe:2.3:o:sun:opensolaris:snv_102:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_103:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_103:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_103:-:x86
    cpe:2.3:o:sun:opensolaris:snv_103:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_104:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_104:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_104:-:x86
    cpe:2.3:o:sun:opensolaris:snv_104:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_105:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_105:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_105:-:x86
    cpe:2.3:o:sun:opensolaris:snv_105:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_106:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_106:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_106:-:x86
    cpe:2.3:o:sun:opensolaris:snv_106:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_107:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_107:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_107:-:x86
    cpe:2.3:o:sun:opensolaris:snv_107:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_108:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_108:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_108:-:x86
    cpe:2.3:o:sun:opensolaris:snv_108:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_109:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_109:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_109:-:x86
    cpe:2.3:o:sun:opensolaris:snv_109:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_110:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_110:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_110:-:x86
    cpe:2.3:o:sun:opensolaris:snv_110:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_111:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_111:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_111:-:x86
    cpe:2.3:o:sun:opensolaris:snv_111:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_112:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_112:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_112:-:x86
    cpe:2.3:o:sun:opensolaris:snv_112:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_113:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_113:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_113:-:x86
    cpe:2.3:o:sun:opensolaris:snv_113:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_114:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_114:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_114:-:x86
    cpe:2.3:o:sun:opensolaris:snv_114:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_115:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_115:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_115:-:x86
    cpe:2.3:o:sun:opensolaris:snv_115:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_116:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_116:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_116:-:x86
    cpe:2.3:o:sun:opensolaris:snv_116:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_117:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_117:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_117:-:x86
    cpe:2.3:o:sun:opensolaris:snv_117:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_118:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_118:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_119:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_119:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_119:-:x86
    cpe:2.3:o:sun:opensolaris:snv_119:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_120:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_120:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_120:-:x86
    cpe:2.3:o:sun:opensolaris:snv_120:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_121:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_121:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_121:-:x86
    cpe:2.3:o:sun:opensolaris:snv_121:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_122:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_122:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_122:-:x86
    cpe:2.3:o:sun:opensolaris:snv_122:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_123:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_123:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_123:-:x86
    cpe:2.3:o:sun:opensolaris:snv_123:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_118:-:x86
    cpe:2.3:o:sun:opensolaris:snv_118:-:x86
CVSS
Base: 5.0 (as of 25-11-2009 - 13:42)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_143140.NASL
    description SunOS 5.10: ssh patch. Date this patch was last updated by Sun : Jun/18/10
    last seen 2018-09-02
    modified 2018-08-13
    plugin id 42919
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42919
    title Solaris 10 (sparc) : 143140-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141525.NASL
    description SunOS 5.10_x86: ssh and openssl patch. Date this patch was last updated by Sun : Jun/18/10
    last seen 2018-09-02
    modified 2018-08-13
    plugin id 42188
    published 2009-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42188
    title Solaris 10 (x86) : 141525-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141525-10.NASL
    description SunOS 5.10_x86: ssh and openssl patch. Date this patch was last updated by Sun : Jun/18/10
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 108025
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108025
    title Solaris 10 (x86) : 141525-10
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_143140-04.NASL
    description SunOS 5.10: ssh patch. Date this patch was last updated by Sun : Jun/18/10
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107539
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107539
    title Solaris 10 (sparc) : 143140-04
refmap via4
bid 37116
confirm http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1
osvdb 60498
sunalert 272629
vupen ADV-2009-3333
xf solaris-sshd1m-dos(54401)
Last major update 19-12-2009 - 01:59
Published 25-11-2009 - 13:30
Last modified 16-08-2017 - 21:31
Back to Top