This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.
Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Oracle Solaris, versions 10 and 11 are affected.
Qualys Research Labs reported the security vulnerabilities that are addressed by this Security Alert to Oracle.
|2017-June-20||Rev 2. Replaced Solaris version 11.3 with 11|
|2017-June-19||Rev 1. Initial Release|
This Security Alert contains 3 new security fixes for the Oracle Sun Systems Products Suite. None of these vulnerabilities are remotely exploitable without authentication, i.e., none may be exploited over a network without valid user credentials. The English text form of this Risk Matrix can be found here
|CVE#||Product||Component||Protocol||Remote Exploit without Auth.?||CVSS VERSION 3.0 RISK (see Risk Matrix Definitions)||Supported Versions Affected||Notes|
|Base Score||Attack Vector||Attack Complex||Privs Req'd||User Interact||Scope||Confidentiality||Integrity||Availability|
|CVE-2017-3629||Solaris||Kernel||None||No||7.8||Local||Low||Low||None||Un- changed||High||High||High||10, 11|
|CVE-2017-3630||Solaris||Kernel||None||No||5.3||Local||Low||Low||None||Un- changed||Low||Low||Low||10, 11|