Vulnerability CVE-2020-2771

Vulnerability CVE-2020-2771

Published: 2020-04-15

Description:

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).

See advisories in our WLB2 database:

	Topic	Author	Date
High	Oracle Solaris 11.x / 10 whodo / w Buffer Overflow	Marco Ivaldi	18.04.2020

Type:

NVD-CWE-noinfo

CVSS2 => (AV:L/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
1.2/10	2.9/10	1.9/10

Exploit range	Attack complexity	Authentication
Local	High	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Oracle -> Solaris

References:

http://packetstormsecurity.com/files/157282/Oracle-Solaris-11.x-10-whodo-w-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2020/Apr/25

http://www.openwall.com/lists/oss-security/2020/04/15/3

https://www.oracle.com/security-alerts/cpuapr2020.html

Copyright 2024, cxsecurity.com