Oracle Security Alert for CVE-2017-3629


Description

This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.

Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Affected Products and Versions

Oracle Solaris versions 10 and 11 are affected.

Patch Availability Table and Risk Matrix


Patch Availability Table


| Product | Risk Matrix | Patch Availability |
|---|---|---|
| Oracle Solaris | Oracle Sun Systems Products Suite | |

Credit Statement

Qualys Research Labs reported the security vulnerabilities that are addressed by this Security Alert to Oracle.

Modification History


| Date | Comments |
|---|---|
| 2017-June-20 | Rev 2. Replaced Solaris version 11.3 with 11 |
| 2017-June-19 | Rev 1. Initial Release |

Appendix - Oracle Sun Systems Products Suite

Oracle Sun Systems Products Suite Executive Summary

This Security Alert contains 3 new security fixes for the Oracle Sun Systems Products Suite. None of these vulnerabilities are remotely exploitable without authentication, i.e., none may be exploited over a network without valid user credentials. The English text form of this Risk Matrix can be found here.

Oracle Sun Systems Products Suite Risk Matrix


The columns Base Score through Availability are the CVSS VERSION 3.0 RISK (see Risk Matrix Definitions).

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2017-3629 | Solaris | Kernel | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 10, 11 | |
| CVE-2017-3630 | Solaris | Kernel | None | No | 5.3 | Local | Low | Low | None | Unchanged | Low | Low | Low | 10, 11 | |
| CVE-2017-3631 | Solaris | Kernel | None | No | 5.3 | Local | Low | Low | None | Unchanged | Low | Low | Low | 11 | |
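
The Base Score column of the risk matrix above can be recomputed from the other CVSS columns, which is a useful check when ingesting advisories into a tracking system. The following is an added example, not part of Oracle's advisory: it applies the CVSS v3.0 base equations and weights from the FIRST specification, also handles Scope Changed (which no row here uses), and the names base_score, ROWS and mismatches are chosen for illustration.

```python
# Added example: recompute CVSS v3.0 base scores from risk matrix metric columns.
import math

AV = {"Network": 0.85, "Adjacent": 0.62, "Local": 0.55, "Physical": 0.20}
AC = {"Low": 0.77, "High": 0.44}
UI = {"None": 0.85, "Required": 0.62}
CIA = {"High": 0.56, "Low": 0.22, "None": 0.0}
# The Privileges Required weight depends on Scope.
PR = {"Unchanged": {"None": 0.85, "Low": 0.62, "High": 0.27},
      "Changed": {"None": 0.85, "Low": 0.68, "High": 0.50}}


def roundup(x):
    """Round up to one decimal place. Integer arithmetic (the method the
    later v3.1 spec defines) avoids floating-point drift; same result."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(av, ac, pr, ui, scope, c, i, a):
    """Return the CVSS v3.0 base score for one set of base metrics."""
    isc = 1 - (1 - CIA[c]) * (1 - CIA[i]) * (1 - CIA[a])
    if scope == "Unchanged":
        impact = 6.42 * isc
    else:
        impact = 7.52 * (isc - 0.029) - 3.25 * (isc - 0.02) ** 15
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV[av] * AC[ac] * PR[scope][pr] * UI[ui]
    total = impact + exploitability
    if scope == "Changed":
        total *= 1.08
    return roundup(min(total, 10))


# Published score and metric values transcribed from the risk matrix on this page.
ROWS = {
    "CVE-2017-3629": (7.8, "Local", "Low", "Low", "None", "Unchanged", "High", "High", "High"),
    "CVE-2017-3630": (5.3, "Local", "Low", "Low", "None", "Unchanged", "Low", "Low", "Low"),
    "CVE-2017-3631": (5.3, "Local", "Low", "Low", "None", "Unchanged", "Low", "Low", "Low"),
}


def mismatches(rows=ROWS):
    """Map CVE -> (published, computed) for rows whose scores disagree."""
    computed = {cve: (r[0], base_score(*r[1:])) for cve, r in rows.items()}
    return {cve: pair for cve, pair in computed.items() if pair[0] != pair[1]}


if __name__ == "__main__":
    print(mismatches() or "all published base scores match their metrics")
```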