Vulnerability CVE-2020-2851

Vulnerability CVE-2020-2851

Published: 2020-04-15

Description:

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

See advisories in our WLB2 database:

	Topic	Author	Date
High	Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow	Marco Ivaldi	18.04.2020

Type:

NVD-CWE-noinfo

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.4/10	6.4/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Oracle -> Solaris

References:

http://packetstormsecurity.com/files/157281/Common-Desktop-Environment-2.3.1-1.6-libDtSvc-Buffer-Overflow.html

http://seclists.org/fulldisclosure/2020/Apr/25

http://www.openwall.com/lists/oss-security/2020/04/15/3

https://www.oracle.com/security-alerts/cpuapr2020.html

Copyright 2024, cxsecurity.com