|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-11-07 | |
| Rule Name: | Oracle Solaris RPC Heap Buffer Overflow Vulnerability - 2 (CVE-2017-3623) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A buffer overflow vulnerability was found in the RPC module of Oracle Solaris. The vulnerability is caused by insufficiently large buffer allocated to store data. Remote attackers can exploit the vulnerability by sending crafted RPC packets to the affected system. Successful exploitation will lead to arbitrary code execution with root privileges. | |
| Impact: | The vulnerability is very critical since attacker can conduct multiple kinds of attacks, such as denial of service, arbitrary code execution, privilege escalation. | |
| Affected OS: | Solaris | |
| Reference: | http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html SecurityFocusBID:97778 SecurityTrackerID:1038292 |
|
| Solutions |
|---|
| Oracle has released a fix as part of the April 2017 Oracle Critical Patch Update. Please check the following url for more infomation: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html |