Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3629Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Solaris Operating System

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
7.8HIGHNVD
EPSS
29.4%
top 3.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Corporation Solaris Operating SystemOracle Solaris
Timeline
PublishedJun 22
Latest updateMay 13

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDoracle/solaris10, 11+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-p5c5-mm39-5jhx: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2022-05-13
CVEList
CVE-2017-3629: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2017-06-22

💥Exploits & PoCs

3
Exploit-DB
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)2018-10-16
Exploit-DB
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation2017-06-28
Metasploit
Solaris RSH Stack Clash Privilege Escalation

🕵️Threat Intelligence

2
Qualys
The Stack Clash | Qualys2017-06-19
Qualys
The Stack Clash2017-06-19
CVE-2017-3629 — HIGH severity | cvebase