Solaris 10 (sparc) : 126546-06

critical Nessus Plugin ID 77913

Synopsis

The remote host is missing Oracle Security Patch number 126546-06

Description

SunOS 5.10: bash patch.

Date this patch was last updated by Oracle : Sep/26/14

Solution

You should install this patch for your system to be up-to-date.

See Also

http://seclists.org/oss-sec/2014/q3/650

http://www.nessus.org/u?dacf7829

https://www.invisiblethreat.ca/2014/09/cve-2014-6271/

https://blogs.oracle.com/patch/entry/solaris_idrs_available_on_mos

https://getupdates.oracle.com/readme/126546-06

Plugin Details

Severity: Critical

ID: 77913

File Name: solaris10_126546-06.nasl

Version: 1.16

Type: local

Published: 9/26/2014

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:sun:solaris

Required KB Items: Host/local_checks_enabled, Host/Solaris/showrev, Host/Solaris/pkginfo

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/26/2014

Vulnerability Publication Date: 9/24/2014

CISA Known Exploited Vulnerability Due Dates: 7/28/2022

Exploitable With

Core Impact

Metasploit (Apache mod_cgi Bash Environment Variable Code Injection (Shellshock))

Reference Information

CVE: CVE-2014-6271, CVE-2014-7169

BID: 70103, 70137

CERT: 252743

IAVA: 2014-A-0142