Main Vulnerability Database Vulnerabilities #VU36533

#VU36533 Input validation error in Oracle Solaris - CVE-2018-3270

Published: October 17, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36533

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-3270

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Oracle Solaris

Software vendor:
Oracle

Description

The vulnerability allows a local privileged user to perform service disruption.

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).

Remediation

Install update from vendor's website.

#VU36533 Input validation error in Oracle Solaris - CVE-2018-3270

Description

Remediation

External links

Please verify you're human