CVE-2009-0480 — Opensolaris vulnerability

CWE-1893 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 83.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Opensolaris SUN Solaris

Timeline

PublishedFeb 9

Latest updateMay 2

Description

The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

▶NVDsun/opensolarissnv_81+80

▶NVDsun/solaris10, 8, 9+2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-29p3-gqrh-c7mr: The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, wh↗2022-05-02

▶

CVEList

CVE-2009-0480: The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, wh↗2009-02-09

▶