cnvd - cnvd-2019-38538

cnvd-2019-38538

Vulnerability from cnvd

Title: Oracle Solaris存在未明漏洞（CNVD-2019-38538）

Description:

Oracle Solaris是一款类Unix操作系统。

Oracle Solaris 10、11中的Filesystem组件存在安全漏洞。攻击者可利用该漏洞未经授权更新、插入或删除某些Oracle Solaris可访问数据，及未经授权读取一部分Oracle Solaris可访问数据，还可导致Oracle Solaris部分拒绝服务。

Severity: 中

Patch Name: Oracle Solaris存在未明漏洞（CNVD-2019-38538）的补丁

Patch Description:

Oracle Solaris是一款类Unix操作系统。

Oracle Solaris 10、11中的Filesystem组件存在安全漏洞。攻击者可利用该漏洞未经授权更新、插入或删除某些Oracle Solaris可访问数据，及未经授权读取一部分Oracle Solaris可访问数据，还可导致Oracle Solaris部分拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Reference: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Impacted products

Name
['Oracle Oracle Solaris 10', 'Oracle Oracle Solaris 11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-2765",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-2765"
    }
  },
  "description": "Oracle Solaris\u662f\u4e00\u6b3e\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nOracle Solaris 10\u300111\u4e2d\u7684Filesystem\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u7ecf\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u67d0\u4e9bOracle Solaris\u53ef\u8bbf\u95ee\u6570\u636e\uff0c\u53ca\u672a\u7ecf\u6388\u6743\u8bfb\u53d6\u4e00\u90e8\u5206Oracle Solaris\u53ef\u8bbf\u95ee\u6570\u636e\uff0c\u8fd8\u53ef\u5bfc\u81f4Oracle Solaris\u90e8\u5206\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-38538",
  "openTime": "2019-11-01",
  "patchDescription": "Oracle Solaris\u662f\u4e00\u6b3e\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nOracle Solaris 10\u300111\u4e2d\u7684Filesystem\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u7ecf\u6388\u6743\u66f4\u65b0\u3001\u63d2\u5165\u6216\u5220\u9664\u67d0\u4e9bOracle Solaris\u53ef\u8bbf\u95ee\u6570\u636e\uff0c\u53ca\u672a\u7ecf\u6388\u6743\u8bfb\u53d6\u4e00\u90e8\u5206Oracle Solaris\u53ef\u8bbf\u95ee\u6570\u636e\uff0c\u8fd8\u53ef\u5bfc\u81f4Oracle Solaris\u90e8\u5206\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Solaris\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-38538\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle Oracle Solaris 10",
      "Oracle Oracle Solaris 11"
    ]
  },
  "referenceLink": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-17",
  "title": "Oracle Solaris\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-38538\uff09"
}

CVE-2019-2765 (GCVE-0-2019-2765)

Vulnerability from cvelistv5

Published

2019-10-16 17:40

Modified

2024-10-01 16:33

Severity ?

CWE

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris.

Summary

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L).

References

▼	URL	Tags
	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Solaris Operating System	Version: 10 Version: 11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:03:41.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2765",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T16:15:44.495111Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T16:33:52.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Solaris Operating System",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "10"
            },
            {
              "status": "affected",
              "version": "11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as  unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T17:40:52",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Solaris Operating System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "10"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as  unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2765",
    "datePublished": "2019-10-16T17:40:52",
    "dateReserved": "2018-12-14T00:00:00",
    "dateUpdated": "2024-10-01T16:33:52.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted