CVE-2023-21896

Name of the Vulnerable Software and Affected Versions Oracle Solaris versions 10 and 11

Description The issue is related to errors in handling input data in the NSSwitch component of Oracle Solaris, which can be exploited to compromise the system. A successful attack can result in the takeover of Oracle Solaris. The exploitation of this issue is considered difficult and requires a low-privileged attacker with logon access to the infrastructure where Oracle Solaris is executed.

Recommendations For Oracle Solaris version 10, update to a version that includes the fix for this issue. For Oracle Solaris version 11, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NSSwitch component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.