Showing 1 - 2 of 2

CVE-2017-3631

Status Candidate

Overview

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Related Files

Solaris RSH Stack Clash Privilege Escalation: Posted Oct 15, 2018; Authored by Brendan Coles, Qualys Security Advisory | Site metasploit.com; This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).; tags | exploit, shell, x86, root; systems | solaris; advisories | CVE-2017-1000364, CVE-2017-3629, CVE-2017-3630, CVE-2017-3631; SHA-256 | 1e59da07b25c5d7ed7f7081baca4d6ef68b592b7e64e01af24769ec5d101e1a3; Download | Favorite | View

Oracle Solaris 11.1 / 11.3 rsh Stack Clash Privilege Escalation: Posted Jun 29, 2017; Site qualys.com; Oracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.; tags | exploit, local; systems | solaris; advisories | CVE-2017-3629, CVE-2017-3630, CVE-2017-3631; SHA-256 | d6fc2124ab39b596a408ba197a8da71c03b284c1dac54ac107cc4d471c892d32; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 270 files
indoushka 155 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,096)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,754)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,812)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

CVE-2017-3631

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems