Category:   OS (UNIX)  >   Solaris
Vendors:   Oracle, Sun
Solaris Kernel Multiple Bugs Let Remote and Local Users Access Data, Modify Data, and Deny Service on the Target System
SecurityTracker Alert ID:  1041895
SecurityTracker URL:  http://securitytracker.com/id/1041895
CVE Reference:   CVE-2016-5244, CVE-2018-2922, CVE-2018-3172, CVE-2018-3263, CVE-2018-3264, CVE-2018-3265, CVE-2018-3266, CVE-2018-3267, CVE-2018-3268, CVE-2018-3269, CVE-2018-3270, CVE-2018-3271, CVE-2018-3272, CVE-2018-3273, CVE-2018-3274, CVE-2018-3275
Date:  Oct 16 2018
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10, 11.3, 11.4
Description:   Multiple vulnerabilities were reported in Solaris. A remote or local user can access and modify data on the target system. A remote or local user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the Solaris Remote Administration Daemon (RAD) component to access and modify data [CVE-2018-3273].

A remote user can exploit a flaw in the Solaris Kernel component to access data [CVE-2016-5244].

A remote user can exploit a flaw in the Solaris LibKMIP component to access and modify data [CVE-2018-3275].

A local user can exploit a flaw in the Solaris Kernel Zones Virtualized NIC Driver component to cause denial of service conditions [CVE-2018-3272].

A remote authenticated user can exploit a flaw in the Solaris Kernel component to cause denial of service conditions [CVE-2018-3274].

A remote user can exploit a flaw in the Solaris Sudo component to partially access data, partially modify data, and partially deny service [CVE-2018-3263].

A remote user can exploit a flaw in the Solaris LFTP component to partially access data [CVE-2018-3267].

A local user can exploit a flaw in the Solaris Kernel Zones component to cause denial of service conditions [CVE-2018-3271].

A remote user can exploit a flaw in the Solaris RPC component to cause partial denial of service conditions [CVE-2018-3172].

A remote user can exploit a flaw in the Solaris SMB Server component to cause partial denial of service conditions [CVE-2018-3268].

A local user can exploit a flaw in the Solaris Zones component to partially access data, partially modify data, and partially deny service [CVE-2018-3265].

A local user can exploit a flaw in the Solaris Kernel component to partially modify data and cause partial denial of service conditions [CVE-2018-3264].

A remote authenticated user can exploit a flaw in the Solaris SMB Server component to cause partial denial of service conditions [CVE-2018-3269].

A local user can exploit a flaw in the Solaris Verified Boot component to partially access data, partially modify data, and partially deny service [CVE-2018-3266].

A local user can exploit a flaw in the Solaris Kernel component to partially access data [CVE-2018-2922].

A local user can exploit a flaw in the Solaris Kernel component to cause partial denial of service conditions [CVE-2018-3270].

Mauricio Correa of Xlabs reported one of these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A local user can cause denial of service conditions on the target system.

A remote user can cause denial of service conditions.

A local user can obtain data on the target system.

A local user can modify data on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018.

The vendor advisory is available at:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Cause:   Not specified

Message History:   None.

