CVE-2020-14871: Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
First published: Wed Oct 21 2020(Updated: )
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris and Zettabyte File System (ZFS) | ||
| Oracle Solaris SPARC | >=10<11.1 | |
| Oracle Solaris SPARC | =9 | |
| >=10<11.1 | ||
| =9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
- http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
- http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
- http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html
- http://www.openwall.com/lists/oss-security/2021/03/03/1
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://www.openwall.com/lists/oss-security/2024/07/03/3
- https://nvd.nist.gov/vuln/detail/CVE-2020-14871
Frequently Asked Questions
What is the severity of CVE-2020-14871?
CVE-2020-14871 is rated as a critical vulnerability allowing remote code execution.
How do I fix CVE-2020-14871?
To fix CVE-2020-14871, update your Oracle Solaris system to the latest version provided by Oracle.
Which versions of Oracle Solaris are affected by CVE-2020-14871?
CVE-2020-14871 affects Oracle Solaris versions 10 and 11.
Can CVE-2020-14871 be exploited remotely?
Yes, CVE-2020-14871 can be exploited by unauthenticated attackers with network access.
What component is affected by CVE-2020-14871?
CVE-2020-14871 impacts the Pluggable Authentication Module in Oracle Solaris.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- vendor/oracle
- canonical/oracle solaris and zettabyte file system (zfs)
- canonical/oracle solaris sparc
- version/oracle solaris sparc/10
- version/oracle solaris sparc/9