CVE-2017-3631
Published 2017-06-22
CVE-2017-3631: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily…
Priority P3 · 35 · medium · 5.3 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EXPLOIT
EPSS: 5.99% (92.4th percentile)
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | solaris | — | — |
| oracle_corporation | solaris_operating_system | — | — |
CVSS provenance
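| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.1 | HIGH | |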
GHSA
GHSA-hm92-g5hw-f54f: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)
ghsa_unreviewed·2022-05-13
CVE-2017-3631 [MEDIUM] CWE-119 GHSA-hm92-g5hw-f54f: Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel)
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2018-04-24·CVSS 7.1
CVE-2017-13305 linux-lts-xenial, linux-aws vulnerabilities
USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305)

It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538)

Luo Quan and Wei Yang discovered that a race conditi
No detection rules found.
Exploit-DB
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
exploitdb·2018-10-16
CVE-2017-3630 Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Solaris RSH Stack Clash Privilege Escalation',
'Description' => %q{
This module exploits a vulnerability in RSH on unpatched Solaris
systems which allows users to gain root privileges.
The stack guard page on unpatched Solaris systems is of
insufficient size to prevent collisions between the stack
and heap memory, aka Stack Clash.
This module uploads and executes Qualys' Solaris_rsh.c exploit,
which exploits a vulnerability in RSH to bypass the stack guard
page to write to the stack and create a SUID root shell.
This module has offsets for Solaris versions 11.1
Exploit-DB
Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
exploitdb·2017-06-28·CVSS 7.8
CVE-2017-3631 [HIGH] Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation
---
/*
* Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631
* Copyright (C) 2017 Qualys, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#i
Metasploit
Solaris RSH Stack Clash Privilege Escalation
metasploit
This module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be succes
No writeups or analysis indexed.
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html
http://www.securityfocus.com/bid/99151
https://www.exploit-db.com/exploits/42270/
https://www.exploit-db.com/exploits/45625/
Published: 2017-06-22