PT-2020-16762 · Omnios+2 · Omnios+2

Published: 2020-10-23 · Updated: 2020-10-27 · CVE-2020-27678

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

illumos versions prior to 2020-10-22
OmniOS versions prior to r151030by, r151032ay, and r151034y
SmartOS versions prior to 20201022

Description

An issue was discovered in the affected software, which is related to a buffer overflow in the parse_user_name function located in lib/libpam/pam_framework.c.

Recommendations

For illumos versions prior to 2020-10-22, update to a version released after 2020-10-22.
For OmniOS versions prior to r151030by, r151032ay, and r151034y, update to a version released after these versions.
For SmartOS versions prior to 20201022, update to a version released after 20201022.
As a temporary workaround, consider restricting access to the parse_user_name function in lib/libpam/pam_framework.c until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2020-27678

Affected Products

OmniOS
SmartOS
illumos