Solaris 11 : Multiple Kernel Vulnerabilities

High Nessus Plugin ID 100997


The remote Solaris host is missing a vendor-supplied security patch.


The remote Solaris host is missing a vendor-supplied security patch.
It is, therefore, affected by the following vulnerabilities :

- Multiple security bypass vulnerabilities exist in the Kernel subcomponent that allow a specially crafted application to circumvent the stack guard page security mechanism. A local attacker can exploit these, by using stack clash methods, to gain elevated privileges.
(CVE-2017-3629, CVE-2017-3630)

- A privilege escalation vulnerability exists in the Kernel subcomponent when UID binaries are invoked via a hard-link using a different pathname. A local attacker can exploit this to gain elevated privileges.


Install SRU from the Oracle support website.

See Also

Plugin Details

Severity: High

ID: 100997

File Name: solaris_jun2017_SRU_11_3_21_5_0.nasl

Version: $Revision: 1.2 $

Type: local

Published: 2017/06/22

Modified: 2017/08/16

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.3

Required KB Items: Host/local_checks_enabled, Host/Solaris11/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/19

Vulnerability Publication Date: 2017/06/19

Reference Information

CVE: CVE-2017-3629, CVE-2017-3630, CVE-2017-3631

BID: 99150, 99151, 99153

OSVDB: 159411, 159448

IAVA: 2017-A-0184