Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3630Out-of-bounds Write in Corporation Solaris Operating System

CWE-787Out-of-bounds Write6 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
10.9%
top 6.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Corporation Solaris Operating SystemOracle Solaris
Timeline
PublishedJun 22
Latest updateMay 13

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDoracle/solaris10, 11+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-vf8v-9fpx-4q9j: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2022-05-13
CVEList
CVE-2017-3630: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2017-06-22

💥Exploits & PoCs

3
Exploit-DB
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)2018-10-16
Exploit-DB
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation2017-06-28
Metasploit
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-3630 — Out-of-bounds Write | cvebase