CVE-2020-2944

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

History

21 Nov 2024, 05:26

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2020/Apr/25 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2020/Apr/25 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2020/04/15/3 - Exploit, Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2020/04/15/3 - Exploit, Mailing List, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Vendor Advisory () https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Vendor Advisory

Information

Published : 2020-04-15 14:15

Updated : 2024-11-21 05:26


NVD link : CVE-2020-2944

Mitre link : CVE-2020-2944

CVE.ORG link : CVE-2020-2944


JSON object : View

Products Affected

oracle

  • solaris
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')