Main Vulnerability Database SB2018071836

SB2018071836 - Input validation error in Oracle Solaris Cluster

Published: July 18, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018071836

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2018-2930)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remediation

Install update from vendor's website.

SB2018071836 - Input validation error in Oracle Solaris Cluster

Breakdown by Severity

Description

Remediation

References

Please verify you're human