CVE-2017-3629
Published 2017-06-22
Priority P349 · high · 7.8 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 5.08% · 91.3th percentile
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | solaris | — | — |
| oracle | solaris | — | — |
| oracle_corporation | solaris_operating_system | — | — |
| oracle_corporation | solaris_operating_system | — | — |
CVSS provenance
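| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |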
No detection rules found.
Exploit-DB
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
exploitdb·2018-10-16
CVE-2017-3630 Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Solaris RSH Stack Clash Privilege Escalation',
'Description' => %q{
This module exploits a vulnerability in RSH on unpatched Solaris
systems which allows users to gain root privileges.
The stack guard page on unpatched Solaris systems is of
insufficient size to prevent collisions between the stack
and heap memory, aka Stack Clash.
This module uploads and executes Qualys' Solaris_rsh.c exploit,
which exploits a vulnerability in RSH to bypass the stack guard
page to write to the stack and create a SUID root shell.
This module has offsets for Solaris versions 11.1
Exploit-DB
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
exploitdb·2017-06-28·CVSS 7.8
CVE-2017-3631 [HIGH] Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
---
/*
* Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631
* Copyright (C) 2017 Qualys, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#i
Metasploit
Solaris RSH Stack Clash Privilege Escalation
metasploit
This module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be succes
Qualys
The Stack Clash | Qualys
blogs_qualys·2017-06-19
#### Table of Contents
- What is the Stack Clash?
- What is the Stack Clash vulnerability, precisely?
- Why is it called the Stack Clash?
- Is it a new vulnerability?
- Is the Stack Clash one or several vulnerabilities?
- Am I affected by the Stack Clash?
- What are the risks posed by the Stack Clash?
- Is it exploitable remotely?
- How can I protect my system from the Stack Clash?
- What if I can't (or don't want to) update or reboot my system?
- Where can I find the Stack Clash exploits?
- Where can I get more information?
- I want to write my own Stack Clash exploit, where do I start?
- Is the Sudo vulnerability Qualys published on May 30 related to Stack Clash?
## What is the Stack Clash?
The Stack Clash is a vulnerability in the memory management of several operating systems. It affe
Qualys
The Stack Clash
blogs_qualys·2017-06-19
## What is the Stack Clash?
The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBS
- http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html
- http://www.securityfocus.com/bid/99150
- https://www.exploit-db.com/exploits/42270/
- https://www.exploit-db.com/exploits/45625/