Oracle Solaris vulnerable to arbitrary code execution via /proc/self

guest · Jul 17, 2019

Oracle Solaris vulnerable to arbitrary code execution via /proc/self
Vulnerability Note VU#790507
July 17, 2019
https://kb.cert.org/vuls/id/790507/

Overview
Oracle Solaris 11 and Solaris 10 are vulnerable to arbitrary code execution if an attacker has read/write access to /proc/self in the process file system.
Impact
An authenticated attacker with read and write access to the /proc/self directory via a vulnerable service providing file IO, may be able to gain arbitrary code execution on a target host.
Solution
Oracle has released updates for Solaris 11 and Solaris 10 to address the vulnerability.
Restrict access to /proc
In general any service providing file IO remotely should have its access to /proc restricted. This can be achieved by correctly chrooting the shared environment.
Click to expand...

Log in or Sign up

Oracle Solaris vulnerable to arbitrary code execution via /proc/self

guest Guest

Log in or Sign up

Oracle Solaris vulnerable to arbitrary code execution via /proc/self

guest Guest

Useful Searches