Oracle Security Alert for CVE-2017-3629


This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.

Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Affected Products and Versions

Oracle Solaris, versions 10 and 11 are affected.

Patch Availability Table and Risk Matrix

Patch Availability Table

| Product | Risk Matrix | Patch Availability |
|---|---|---|
| Oracle Solaris | Oracle Sun Systems Products Suite | |

Credit Statement

Qualys Research Labs reported the security vulnerabilities that are addressed by this Security Alert to Oracle.


Modification History

| Date | Comments |
|---|---|
| 2017-June-20 | Rev 2. Replaced Solaris version 11.3 with 11 |
| 2017-June-19 | Rev 1. Initial Release |

Appendix - Oracle Sun Systems Products Suite

Oracle Sun Systems Products Suite Executive Summary

This Security Alert contains 3 new security fixes for the Oracle Sun Systems Products Suite. None of these vulnerabilities are remotely exploitable without authentication, i.e., none may be exploited over a network without valid user credentials. The English text form of this Risk Matrix can be found here.

Oracle Sun Systems Products Suite Risk Matrix

The columns from Base Score through Availability are the CVSS Version 3.0 Risk (see Risk Matrix Definitions).

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2017-3629 | Solaris | Kernel | None | No | 7.8 | Local | Low | Low | None | Unchanged | High | High | High | 10, 11 | |
| CVE-2017-3630 | Solaris | Kernel | None | No | 5.3 | Local | Low | Low | None | Unchanged | Low | Low | Low | 10, 11 | |
| CVE-2017-3631 | Solaris | Kernel | None | No | 5.3 | Local | Low | Low | None | Unchanged | Low | Low | Low | 11 | |