Main Vulnerability Database Vulnerabilities #VU35153

Input validation error in Oracle Solaris - CVE-2019-3008

Published: October 16, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35153

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-3008

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Solaris

Detailed vulnerability description

The vulnerability allows a local privileged user to perform service disruption.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).

How to mitigate CVE-2019-3008

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Input validation error in Oracle Solaris - CVE-2019-3008

Detailed vulnerability description

How to mitigate CVE-2019-3008

Sources

Please verify you're human