Detections
Analytics

Solaris XDR RPC Request Handling RCE (April 2017 CPU) (EBBISLAND / EBBSHAVE)

critical Nessus Plugin ID 103532

Language:

Synopsis

The remote Solaris host is affected by a remote code execution vulnerability.

Description

Nessus was able to execute shellcode and run a system command on the remote Solaris host. Solaris 6, 7, 8, 9, and 10 are affected by a remote code execution vulnerability in the XDR RPC service due to an overflow condition caused by improper validation of user-supplied input when handling RPC requests. An unauthenticated, remote attacker can exploit this, via a specially crafted RPC request, to execute arbitrary code.

EBBISLAND / EBBSHAVE is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers.

Solution

Upgrade to Solaris 11 or later. Alternatively, upgrade to Solaris 10 Update 11, or upgrade to Solaris 10 and apply any kernel patch released after 2012/01/26.

See Also

http://www.nessus.org/u?9b84a0bd

http://www.nessus.org/u?3ee03e31

Plugin Details

Severity: Critical

ID: 103532

File Name: rpc_ebbshave.nbin

Version: 1.57

Type: remote

Family: RPC

Published: 9/28/2017

Updated: 3/19/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:solaris

Required KB Items: Host/OS, rpc/portmap

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 4/18/2017

Vulnerability Publication Date: 4/8/2017

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-3623

BID: 97778