SB2019011528 - Multiple vulnerabilities in Oracle Solaris
Published: January 15, 2019
Description
This security bulletin contains information about 7 vulnerabilities.
1) Denial of service (CVE-ID: CVE-2019-2545)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local unauthenticated attacker to cause a DoS condition.
The weakness exists due to an unspecified flaw in the LDoms IO component. A local attacker can cause the service to crash.
2) Information disclosure (CVE-ID: CVE-2019-2544)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information.
The weakness exists due to an unspecified flaw in the Kernel component. A local attacker can read arbitrary files.
3) Information disclosure (CVE-ID: CVE-2019-2543)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to an unspecified flaw in the Kernel component. A remote attacker can read arbitrary files.
4) Speculative Store Bypass (CVE-ID: CVE-2018-3639)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
5) Information disclosure (CVE-ID: CVE-2018-3646)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists on systems with microprocessors utilizing speculative execution and address translations due to an error in the hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.
6) Denial of service (CVE-ID: CVE-2019-2437)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a DoS condition.
The weakness exists due to an unspecified flaw in the Kernel component. A remote attacker can cause the service to crash.
7) Privilege escalation (CVE-ID: CVE-2019-2541)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent attacker to gain elevated privileges.
The weakness exists due to an unspecified flaw in the DHCP Client. An adjacent attacker can gain elevated privileges to conduct further attacks.
Remediation
Install the update from the vendor's website.