CVE-2020-14871

Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11

Description: The issue is related to a buffer overflow vulnerability in the Pluggable authentication module of Oracle Solaris, which can be exploited by an unauthenticated attacker with network access via multiple protocols to compromise the system. This vulnerability may significantly impact additional products and can result in the takeover of Oracle Solaris. There have been reports of real-world attacks exploiting this issue, with an exploit being sold on the black market. The vulnerability is easily exploitable and can allow remote takeover of the system.

Recommendations: For Oracle Solaris versions 10 and 11, update to a version that is not affected by this vulnerability, as the exact fixed version is not specified. As a temporary workaround, consider disabling the parse user name() function of the Pluggable authentication module until a patch is available. Restrict access to the Pluggable authentication module to minimize the risk of exploitation. Avoid using the Pluggable authentication module for SSHD or other network services until the issue is resolved.