Vulnerabilities > CVE-2017-3623 - Remote Code Execution vulnerability in Oracle Solaris
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 |
Exploit-Db
| id | EDB-ID:47888 |
| last seen | 2020-01-08 |
| modified | 2020-01-08 |
| published | 2020-01-08 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/47888 |
| title | EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow |
Nessus
NASL family AIX Local Security Checks NASL id AIX_IJ09805.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119618 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119618 title AIX 7.2 TL 3 : solaris (IJ09805) code # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory solaris_advisory.asc. # include("compat.inc"); if (description) { script_id(119618); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:05"); script_cve_id("CVE-2017-3623"); script_name(english:"AIX 7.2 TL 3 : solaris (IJ09805)"); script_summary(english:"Check for APAR IJ09805"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a security patch." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/solaris_advisory.asc" ); script_set_attribute( attribute:"solution", value:"Install the appropriate interim fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3623"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"generated_plugin", value:"former"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.2", ml:"03", sp:"00", patch:"IJ09805s0a", package:"core", minfilesetver:"7.2.3.0", maxfilesetver:"7.2.3.0") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"03", sp:"01", patch:"IJ09805s0a", package:"core", minfilesetver:"7.2.3.0", maxfilesetver:"7.2.3.0") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IJ10134.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119621 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119621 title AIX 6.1 TL 9 : solaris (IJ10134) code # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory solaris_advisory.asc. # include("compat.inc"); if (description) { script_id(119621); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:05"); script_cve_id("CVE-2017-3623"); script_name(english:"AIX 6.1 TL 9 : solaris (IJ10134)"); script_summary(english:"Check for APAR IJ10134"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a security patch." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/solaris_advisory.asc" ); script_set_attribute( attribute:"solution", value:"Install the appropriate interim fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3623"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"generated_plugin", value:"former"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"6.1", ml:"09", sp:"10", patch:"IJ10134sAa", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.400") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"11", patch:"IJ10134sBa", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.315") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"11", patch:"IJ10134sBb", package:"bos.net.tcp.client", minfilesetver:"6.1.9.316", maxfilesetver:"6.1.9.316") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"12", patch:"IJ10134sCa", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.400") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IJ10275.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119622 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119622 title AIX 7.1 TL 4 : solaris (IJ10275) NASL family AIX Local Security Checks NASL id AIX_IJ10132.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119620 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119620 title AIX 7.1 TL 5 : solaris (IJ10132) NASL family AIX Local Security Checks NASL id AIX_IJ10552.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119623 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119623 title AIX 7.2 TL 1 : solaris (IJ10552) NASL family AIX Local Security Checks NASL id AIX_IJ10553.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119624 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119624 title AIX 7.2 TL 0 : solaris (IJ10553) NASL family AIX Local Security Checks NASL id AIX_IJ10130.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119619 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119619 title AIX 7.2 TL 2 : solaris (IJ10130) NASL family AIX Local Security Checks NASL id AIX_IJ10554.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3623 An unspecified vulnerability in Oracle Sun Systems related to the Solaris Kernel RPC component could allow an unauthenticated attacker to take control of the system. last seen 2020-06-01 modified 2020-06-02 plugin id 119625 published 2018-12-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119625 title AIX 5.3 TL 12 : solaris (IJ10554)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/155876/ebbislandebbshave6-overflow.txt |
| id | PACKETSTORM:155876 |
| last seen | 2020-01-09 |
| published | 2020-01-08 |
| reporter | Harrison Neal |
| source | https://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html |
| title | EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow |