CVE-2017-3629

HIGH

Oracle Sun Systems Products Suite Kernel - Takeover

Title source: llm

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalsolaris

https://www.exploit-db.com/exploits/45625

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Qualys Corporation · clocalsolaris_x86

https://www.exploit-db.com/exploits/42270

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-3629-3757403.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99150

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42270/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45625/

Scores

CVSS v3 7.8

EPSS 0.2936

EPSS Percentile 96.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (4)

oracle/solaris 10

oracle/solaris 11

Oracle Corporation/Solaris Operating System 10

Oracle Corporation/Solaris Operating System 11

Published Jun 22, 2017

Tracked Since Feb 18, 2026