Oracle Security Alert for CVE-2017-3629
This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.
Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Affected Products and Versions
Oracle Solaris, versions 10 and 11 are affected.
Patch Availability Table and Risk Matrix
Patch Availability Table
Qualys Research Labs reported the security vulnerabilities that are addressed by this Security Alert to Oracle.
- Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]
- Oracle Critical Patch Updates and Security Alerts – Frequently Asked Questions [ CPU FAQ ]
- Risk Matrix definitions [ Risk Matrix Definitions]
- Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]
- English text version of risk matrix [ Oracle Technology Network ]
|2017-June-20||Rev 2. Replaced Solaris version 11.3 with 11|
|2017-June-19||Rev 1. Initial Release|
Appendix – Oracle Sun Systems Products Suite
Oracle Sun Systems Products Suite Executive Summary
This Security Alert contains 3 new security fixes for the Oracle Sun Systems Products Suite. None of these vulnerabilities are remotely exploitable without authentication, i.e., none may be exploited over a network without valid user credentials. The English text form of this Risk Matrix can be found here
Oracle Sun Systems Products Suite Risk Matrix
|CVE#||Product||Component||Protocol||Remote Exploit without Auth.?||CVSS VERSION 3.0 RISK (see Risk Matrix Definitions)||Supported Versions Affected||Notes|
|Base Score||Attack Vector||Attack Complex||Privs Req’d||User Interact||Scope||Confidentiality||Integrity||Availability|
|CVE-2017-3629||Solaris||Kernel||None||No||7.8||Local||Low||Low||None||Un- changed||High||High||High||10, 11|
|CVE-2017-3630||Solaris||Kernel||None||No||5.3||Local||Low||Low||None||Un- changed||Low||Low||Low||10, 11|