Main Vulnerability Database Vulnerabilities #VU36850

Input validation error in Oracle Solaris - CVE-2018-2908

Published: July 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36850

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-2908

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Solaris

Detailed vulnerability description

The vulnerability allows a remote authenticated user to a crash the entire system.

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via RPC to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

How to mitigate CVE-2018-2908

Install update from vendor's website.

Input validation error in Oracle Solaris - CVE-2018-2908

Detailed vulnerability description

How to mitigate CVE-2018-2908

Sources

Please verify you're human