Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631

vendor:

Solaris

by:

Qualys, Inc.

5,3

CVSS

MEDIUM

Buffer Overflow

120

CWE

Product Name: Solaris

Affected Version From: Oracle Solaris 11.1

Affected Version To: Oracle Solaris 11.3

Patch Exists: YES

Related CWE: CVE-2017-3630, CVE-2017-3629, CVE-2017-3631

CPE: o:oracle:solaris:11.1

Metasploit: https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-3630/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-3629/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2017-3631/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: X86, SPARC

2017

Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631

Solaris_rsh.c is a program that exploits a buffer overflow vulnerability in Oracle Solaris 11.1, 11.2, and 11.3. The vulnerability is caused by improper bounds checking of user-supplied input when handling the -l option. An attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Mitigation:

Upgrade to Oracle Solaris 11.4 or later.

Source

Solaris_rsh.c for CVE-2017-3630, CVE-2017-3629, CVE-2017-3631

Mitigation:

Exploit-DB raw data: