Oracle Solaris Critical Patch Update : jan2015_SRU10_5a

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch from CPU
jan2015.

Description :

This Solaris system is missing necessary patches to address critical
security updates :

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Power Management
Utility). The supported version that is affected is 11.
Easily exploitable vulnerability requiring logon to
Operating System. Successful attack of this
vulnerability can result in unauthorized Operating
System takeover including arbitrary code execution.
(CVE-2014-6510)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Unix File
System(UFS)). Supported versions that are affected are
10 and 11. Easily exploitable vulnerability requiring
logon to Operating System. Successful attack of this
vulnerability can result in unauthorized write access to
any arbitrary Operating System location and Operating
System hang or frequently repeatable crash (complete
DOS). (CVE-2014-6518)

See also :

http://www.nessus.org/u?a18ed6f3
http://www.nessus.org/u?c02f1515
https://support.oracle.com/rs?type=doc&id=1956176.1

Solution :

Install the jan2015 CPU from the Oracle support website.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Solaris Local Security Checks

Nessus Plugin ID: 80935 ()

Bugtraq ID: 72131
72160

CVE ID: CVE-2014-6510
CVE-2014-6518

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now