Oracle Security Alert for CVE-2017-3629

Description

This Security Alert addresses CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris. These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.

Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Affected Products and Versions

Oracle Solaris, versions 10 and 11 are affected.

Patch Availability Table and Risk Matrix

Patch Availability Table

Credit Statement

Qualys Research Labs reported the security vulnerabilities that are addressed by this Security Alert to Oracle.

References

• Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]
• Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ]
• Risk Matrix definitions [ Risk Matrix Definitions]
• Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]
• English text version of risk matrix [ Oracle Technology Network ]
• CVRF XML version of the risk matrices   [ Oracle Technology Network ]

Modification History

Appendix - Oracle Sun Systems Products Suite

Oracle Sun Systems Products Suite Executive Summary

This Security Alert contains 3 new security fixes for the Oracle Sun Systems Products Suite.  None of these vulnerabilities are remotely exploitable without authentication, i.e., none may be exploited over a network without valid user credentials.  The English text form of this Risk Matrix can be found here

Oracle Sun Systems Products Suite Risk Matrix