Solaris Flaws Let Remote and Local Users Obtain Elevated Privileges and Deny Service and Let Local Users Access and Modify Data
|
SecurityTracker Alert ID: 1038938 |
SecurityTracker URL: http://securitytracker.com/id/1038938
|
CVE Reference:
CVE-2017-10003, CVE-2017-10004, CVE-2017-10036, CVE-2017-10042, CVE-2017-10062, CVE-2017-10095, CVE-2017-10122, CVE-2017-3632
(Links to External Site)
|
Updated: Jul 19 2017
|
Original Entry Date: Jul 18 2017
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10, 11
|
Description:
Multiple vulnerabilities were reported in Solaris. A remote or local user can gain elevated privileges on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can access or modify data on the target system.
A remote user can exploit a flaw in the Solaris CDE Calendar component to gain elevated privileges [CVE-2017-3632].
A remote user can exploit a flaw in the Solaris IKE component to cause denial of service conditions [CVE-2017-10042].
A remote user can exploit a flaw in the Solaris NFSv4 component to cause denial of service conditions [CVE-2017-10036].
A local user can exploit a flaw in the Solaris Kernel component to gain elevated privileges [CVE-2017-10004].
A local user can exploit a flaw in the Solaris Oracle Java Web Console component to partially access data, partially modify data, and partially deny service [CVE-2017-10062].
A local user can exploit a flaw in the Solaris Network Services Library component to partially access data, partially modify data, and partially deny service [CVE-2017-10003].
A local user can exploit a flaw in the Solaris Kernel component to partially modify data [CVE-2017-10095, CVE-2017-10122].
CERT/CC reported one vulnerability.
|
Impact:
A remote user can cause denial of service conditions.
A local user can obtain data on the target system.
A local user can obtain elevated privileges on the target system.
A local user can modify data on the target system.
A remote user can gain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix as part of the July 2017 Oracle Critical Patch Update.
The vendor advisory is available at:
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
Vendor URL: www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html (Links to External Site)
|
Cause:
Not specified
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|