Exploit for #VU47887 Improper input validation in Oracle Solaris

Published: 2020-12-16 | Updated: 2021-12-26

Vulnerability identifier: #VU47887

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-14871

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 5

December 26, 2021
- CVE-2020-14871-Exploit (This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems libpam library, and exploitable over ssh) [Github]
June 28, 2021
- Solaris SunSSH 11.0 x86 - libpam Remote Root (3) [Exploit-DB]
June 17, 2021
- Solaris SunSSH 11.0 x86 - libpam Remote Root [Exploit-DB]
- Solaris SunSSH 11.0 x86 - libpam Remote Root (2) [Exploit-DB]
December 16, 2020
- Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow [Metasploit]

Impact: Code execution

Vulnerable software:
Oracle Solaris
Operating systems & Components / Operating system

Vendor: Oracle