CVE-2017-3623

Name of the Vulnerable Software and Affected Versions Oracle Sun Systems Products Suite (subcomponent: Kernel RPC) versions prior to the version with the Kernel patch installed after 2012-01-26 Oracle Sun Systems Products Suite (subcomponent: Kernel RPC) versions prior to Solaris 10 1/13 (Solaris 10 Update 11)

Description The issue is related to inadequate access control in the Solaris Kernel RPC component, allowing an unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks can result in the takeover of Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products.

Recommendations For Oracle Sun Systems Products Suite versions prior to the version with the Kernel patch installed after 2012-01-26, update to a version with the Kernel patch installed after 2012-01-26 to resolve the issue. For Oracle Sun Systems Products Suite versions prior to Solaris 10 1/13 (Solaris 10 Update 11), update to Solaris 10 1/13 (Solaris 10 Update 11) or later to resolve the issue. As a temporary workaround, consider restricting network access to the Solaris Kernel RPC component until a patch is available.