Fast-forward to March 2018, when Trustwave disclosed it had found loopholes in the patch. A fix was issued shortly after by Sun Microsystems. The vulnerability was first discovered in 2007 and released publicly during CanSecWest 2009, according to Trustwave. ![]() The vulnerability allows attackers to write their own malicious code to memory and execute it with kernel-level privilege, researchers said. A successful attack against this vulnerability could result in a takeover of the Solaris operating environment. “The issue is present in the kernel and is locally exploitable as an unprivileged user, provided the local system has the Sun StorageTek Availability Suite configured,” explained Neil Kettle, application security principal consultant at SpiderLabs at Trustwave. But, a “re-fix” is now required, since researchers at Trustwave discovered loopholes in the patch that could allow a local adversary to execute arbitrary code on Solaris enterprise systems and escalate privileges. Sun Microsystems (now owned by Oracle) originally patched the vulnerability in 2009. Impacted are the Solaris 10 and 11.3 operating environments. Oracle has issued three fixes for a critical Solaris vulnerability that could allow kernel-level privilege escalation.
0 Comments
Leave a Reply. |