Vulnerability CVE-2017-3631

Vulnerability CVE-2017-3631

Published: 2017-06-22

Description:

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Oracle Solaris 11.1 / 11.3 RSH Local Root Stack Clash Exploit	Qualys	29.06.2017
Med.	Solaris RSH Stack Clash Privilege Escalation	Brendan Coles	16.10.2018
Med.	Solaris RSH Stack Clash Privilege Escalation (Metasploit)	Metasploit	22.10.2018

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.6/10	6.4/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Oracle -> Solaris

References:

http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html

http://www.securityfocus.com/bid/99151

https://www.exploit-db.com/exploits/42270/

https://www.exploit-db.com/exploits/45625/

Copyright 2024, cxsecurity.com