Solaris 11 : Multiple Kernel Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Solaris host is missing a vendor-supplied security patch.

Description :

The remote Solaris host is missing a vendor-supplied security patch.
It is, therefore, affected by the following vulnerabilities :

- Multiple security bypass vulnerabilities exist in the
Kernel subcomponent that allow a specially crafted
application to circumvent the stack guard page security
mechanism. A local attacker can exploit these, by using
stack clash methods, to gain elevated privileges.
(CVE-2017-3629, CVE-2017-3630)

- A privilege escalation vulnerability exists in the
Kernel subcomponent when UID binaries are invoked via a
hard-link using a different pathname. A local attacker
can exploit this to gain elevated privileges.
(CVE-2017-3631)

See also :

http://www.nessus.org/u?bc84c529
http://www.nessus.org/u?e1490b6d
https://support.oracle.com/rs?type=doc&id=2277900.1

Solution :

Install SRU 11.3.21.5.0 from the Oracle support website.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 100997 ()

Bugtraq ID: 99150
99151
99153

CVE ID: CVE-2017-3629
CVE-2017-3630
CVE-2017-3631

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now