CVE-2020-14871
CVE-2020-14871
In short
A critical flaw in Oracle Solaris authentication allows attackers on the network to take complete control of the system without needing valid credentials. This is a severe vulnerability that affects core system security.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in the Pluggable Authentication Module (PAM) component of Oracle Solaris 10 and 11. Unauthenticated remote attackers can exploit this via multiple network protocols with no preconditions, achieving complete system compromise including confidentiality, integrity, and availability breaches. Not exploitable in Solaris 11.1+ and ZFSSA 8.7+.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Oracle Corporation · Solaris Operating Systempublic PoCs found — 9
githubgithub.com/robidev/CVE-2020-14871-Exploit★ 2githubgithub.com/FromPartsUnknown/EvilSunCheck★ 0cve_referencepacketstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.htmlunverifiedcve_referencepacketstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49261unverifiedexploitdbwww.exploit-db.com/exploits/49896unverifiedcve_referencepacketstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50039unverifiedcve_referencepacketstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.htmlhttp://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.htmlhttp://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871https://www.oracle.com/security-alerts/cpuoct2020.htmlhttp://www.openwall.com/lists/oss-security/2021/03/03/1http://www.openwall.com/lists/oss-security/2024/07/03/3