Oracle Solaris Critical Patch Update : apr2017_SRU11_3_19_5_0

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch from CPU
apr2017.

Description :

This Solaris system is missing necessary patches to address critical
security updates :

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Kernel). The
supported version that is affected is 11.3. Easily
exploitable vulnerability allows low privileged attacker
with logon to the infrastructure where Solaris executes
to compromise Solaris. Successful attacks of this
vulnerability can result in unauthorized read access to
a subset of Solaris accessible data. (CVE-2017-3498)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: RBAC). The
supported version that is affected is 11.3. Easily
exploitable vulnerability allows low privileged attacker
with logon to the infrastructure where Solaris executes
to compromise Solaris. Successful attacks require human
interaction from a person other than the attacker and
while the vulnerability is in Solaris, attacks may
significantly impact additional products. Successful
attacks of this vulnerability can result in takeover of
Solaris. (CVE-2017-3564)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: RBAC). The
supported version that is affected is 11.3. Easily
exploitable vulnerability allows low privileged attacker
with logon to the infrastructure where Solaris executes
to compromise Solaris. Successful attacks require human
interaction from a person other than the attacker and
while the vulnerability is in Solaris, attacks may
significantly impact additional products. Successful
attacks of this vulnerability can result in unauthorized
creation, deletion or modification access to critical
data or all Solaris accessible data as well as
unauthorized access to critical data or complete access
to all Solaris accessible data. (CVE-2017-3565)

See also :

http://www.nessus.org/u?08e1362c
http://www.nessus.org/u?623d2c22
https://support.oracle.com/rs?type=doc&id=2252071.1

Solution :

Install the apr2017 CPU from the Oracle support website.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Solaris Local Security Checks

Nessus Plugin ID: 99459 ()

Bugtraq ID:

CVE ID: CVE-2017-3498
CVE-2017-3564
CVE-2017-3565

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now