Oracle Solaris Critical Patch Update : apr2017_SRU11_3_17_5_0

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch from CPU
apr2017.

Description :

This Solaris system is missing necessary patches to address critical
security updates :

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Zone). The
supported version that is affected is 11.3. Easily
exploitable vulnerability allows low privileged attacker
with logon to the infrastructure where Solaris executes
to compromise Solaris. Successful attacks of this
vulnerability can result in unauthorized read access to
a subset of Solaris accessible data. (CVE-2017-3474)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Remote
Administration Daemon). The supported version that is
affected is 11.3. Easily exploitable vulnerability
allows unauthenticated attacker with network access via
multiple protocols to compromise Solaris. Successful
attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Solaris
accessible data as well as unauthorized read access to a
subset of Solaris accessible data and unauthorized
ability to cause a partial denial of service (partial
DOS) of Solaris. (CVE-2017-3497)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Smartcard
Libraries). The supported version that is affected is
11.3. Easily exploitable vulnerability allows low
privileged attacker with logon to the infrastructure
where Solaris executes to compromise Solaris. Successful
attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash
(complete DOS) of Solaris as well as unauthorized
update, insert or delete access to some of Solaris
accessible data and unauthorized read access to a subset
of Solaris accessible data. (CVE-2017-3551)

See also :

http://www.nessus.org/u?08e1362c
http://www.nessus.org/u?623d2c22
https://support.oracle.com/rs?type=doc&id=2252071.1

Solution :

Install the apr2017 CPU from the Oracle support website.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Solaris Local Security Checks

Nessus Plugin ID: 99457 ()

Bugtraq ID:

CVE ID: CVE-2017-3474
CVE-2017-3497
CVE-2017-3551

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now