Oracle Solaris Zero-Day Attack Revealed (Security News, November 2020)

The vulnerability exists in the Oracle Solaris Pluggable Authentication Module (PAM) and allows an unauthenticated attacker with network access via multiple protocols to compromise the operating system.
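The advisory classifies the flaw only as an out-of-bounds write in the PAM component, reachable before authentication. The block below is an added illustration of that bug class in C and is not Solaris, PAM or FireEye code and does not reproduce the real CVE-2020-14871 code path: a PAM-style module that trims an untrusted conversation response and copies it into a fixed-size username buffer, shown in its vulnerable form beside a hardened form. The struct layout, the `MAX_USER_LEN` size, the function names and the 600-byte sample response are all assumptions made for the example.

```c
/* Constructed illustration of the out-of-bounds-write bug class named in the
 * advisory.  NOT Solaris or PAM source; names, sizes and layout are assumed. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_USER_LEN 512   /* assumed fixed buffer size inside the module */

struct auth_ctx {
    char user[MAX_USER_LEN];
    int  authenticated;    /* sits right after the buffer: a natural overflow target */
};

/* Bounded length: counts up to 'max' bytes so a missing NUL can never run away. */
size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* VULNERABLE: trims leading blanks, then copies with no length check.
 * A response longer than MAX_USER_LEN-1 bytes writes past user[] into
 * whatever follows it (here, the 'authenticated' flag). */
void parse_user_vuln(struct auth_ctx *ctx, const char *resp)
{
    while (*resp == ' ' || *resp == '\t')
        resp++;
    strcpy(ctx->user, resp);            /* out-of-bounds write on long input */
}

/* HARDENED: same trimming, but the length is checked before the copy and an
 * overlong response is rejected rather than truncated.  Truncating could turn
 * one username into another, so refuse instead of clipping.  Returns 0 on
 * success, -1 on an empty or overlong name; ctx->user is untouched on -1. */
int parse_user_safe(struct auth_ctx *ctx, const char *resp)
{
    size_t len;

    while (*resp == ' ' || *resp == '\t')
        resp++;
    len = bounded_len(resp, MAX_USER_LEN);
    if (len == 0 || len >= MAX_USER_LEN)
        return -1;
    memcpy(ctx->user, resp, len + 1);   /* len+1 copies the NUL terminator */
    return 0;
}

/* Builds a constructed attacker-style response of n non-NUL bytes.
 * buf must have room for n+1 bytes. */
void fill_long_response(char *buf, size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
}

int main(void)
{
    struct auth_ctx ctx = {{0}, 0};
    char resp[1024];

    printf("safe, normal input:  rc=%d user=%s\n",
           parse_user_safe(&ctx, "  alice"), ctx.user);
    fill_long_response(resp, 600);
    printf("safe, 600-byte name: rc=%d\n", parse_user_safe(&ctx, resp));
    /* parse_user_vuln(&ctx, resp) would overrun ctx.user here; deliberately not called. */
    return 0;
}
```

The point a reviewer would check in a real module is the one in `parse_user_safe`: the bound is enforced against the destination size before any copy, the failure path leaves the context unchanged, and an overlong name is an error rather than a silently shortened name.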
"In mid-2020, we observed UNC1945 deploy EVILSUN, a remote-exploitation tool containing a zero-day exploit for CVE-2020-14871, on a Solaris 9 server," said researchers with FireEye, in a Monday analysis.
Researchers first observed threat actors gaining access to a Solaris server and installing a backdoor in late 2018.
"To further obfuscate activity, a Linux ELF packer named STEELCORGI was executed in memory on the Solaris system," said researchers.
"UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection," said researchers.
News URL
https://threatpost.com/oracle-solaris-zero-day-attack/160929/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14871 | Out-of-bounds Write vulnerability in Oracle Solaris 9/10/11 (Oracle Systems product, component: Pluggable authentication module) | 0.0 |