Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3631Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Solaris Operating System

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
5.3MEDIUMNVD
OSV7.1
EPSS
10.9%
top 6.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Corporation Solaris Operating SystemOracle Solaris
Timeline
PublishedJun 22
Latest updateMay 13

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-hm92-g5hw-f54f: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2022-05-13
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-04-24
CVEList
CVE-2017-3631: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)2017-06-22

💥Exploits & PoCs

3
Exploit-DB
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)2018-10-16
Exploit-DB
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation2017-06-28
Metasploit
Solaris RSH Stack Clash Privilege Escalation
CVE-2017-3631 — MEDIUM severity | cvebase