Oracle Solaris Critical Patch Update : jul2018_SRU11_3_34_4_0

High Nessus Plugin ID 111191

Synopsis

The remote Solaris system is missing a security patch from CPU
jul2018.

Description

This Solaris system is missing necessary patches to address critical
security updates :

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: Kernel). Supported
versions that are affected are 10 and 11.3. Difficult to
exploit vulnerability allows low privileged attacker
with logon to the infrastructure where Solaris executes
to compromise Solaris. Successful attacks of this
vulnerability can result in takeover of Solaris.
(CVE-2018-1171)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: NVIDIA-GFX Kernel
driver). The supported version that is affected is 11.3.
Easily exploitable vulnerability allows low privileged
attacker with network access via ISCSI to compromise
Solaris. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of Solaris as
well as unauthorized update, insert or delete access to
some of Solaris accessible data and unauthorized read
access to a subset of Solaris accessible data.
(CVE-2018-2926)

- Vulnerability in the Solaris component of Oracle Sun
Systems Products Suite (subcomponent: RAD). The
supported version that is affected is 11.3. Easily
exploitable vulnerability allows unauthenticated
attacker with network access via multiple protocols to
compromise Solaris. Successful attacks require human
interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in
unauthorized creation, deletion or modification access
to critical data or all Solaris accessible data as well
as unauthorized access to critical data or complete
access to all Solaris accessible data. (CVE-2018-2928)

Solution

Install the jul2018 CPU from the Oracle support website.

See Also

http://www.nessus.org/u?d0716163

Plugin Details

Severity: High

ID: 111191

File Name: solaris_jul2018_SRU11_3_34_4_0.nasl

Version: 1.7

Type: local

Published: 2018/07/20

Modified: 2018/12/21

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:N

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/o:oracle:solaris:11.3

Patch Publication Date: 2018/07/17

Reference Information

CVE: CVE-2018-1171, CVE-2018-2926, CVE-2018-2928