CVE-2017-3623

CRITICAL EXPLOITED IN THE WILD

Oracle Solaris - Remote Buffer Overflow in Kernel RPC

Title source: manual

Exploitation Summary

CVE-2017-3623 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including hantwister.

AI-analyzed exploit summary This exploit targets a remote buffer overflow in IBM AIX's EBBISLAND/EBBSHAVE RPC service (CVE-2017-3623). It crafts a malicious RPC message with a payload that triggers a buffer overflow, leading to arbitrary code execution via a reverse shell.

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Exploits (1)

exploitdb WORKING POC

by hantwister · pythonremotehardware

https://www.exploit-db.com/exploits/47888

View Code ZIP pw:eip

This exploit targets a remote buffer overflow in IBM AIX's EBBISLAND/EBBSHAVE RPC service (CVE-2017-3623). It crafts a malicious RPC message with a payload that triggers a buffer overflow, leading to arbitrary code execution via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM AIX EBBISLAND/EBBSHAVE (versions 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642)

No auth needed

Prerequisites: Network access to the target's RPC service (port 111 or dynamic ports) · Knowledge of target-specific addresses (gid_base, execl_func, execl_toc) · /usr/bin/bash must exist on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97778

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038292

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html

Scores

CVSS v3 10.0

EPSS 0.2180

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2017-06-20

InTheWild.io 2017-05-25

Status published

Products (2)

oracle/solaris

Oracle Corporation/Solaris Operating System

Published Apr 24, 2017

Tracked Since Feb 18, 2026