Oracle has issued three fixes for a critical Solaris vulnerability that could allow kernel-level privilege escalation. Impacted are the Solaris 10 and 11.3 operating environments.
Sun Microsystems (now owned by Oracle) originally patched the vulnerability in 2009. But, a “re-fix” is now required, since researchers at Trustwave discovered loopholes in the patch that could allow a local adversary to execute arbitrary code on Solaris enterprise systems and escalate privileges.
“The issue is present in the kernel and is locally exploitable as an unprivileged user, provided the local system has the Sun StorageTek Availability Suite configured,” explained Neil Kettle, application security principal consultant at SpiderLabs at Trustwave.
The vulnerability allows attackers to write their own malicious code to memory and execute it with kernel-level privilege, researchers said. A successful attack against this vulnerability could result in a takeover of the Solaris operating environment.
The vulnerability was first discovered in 2007 and released publicly during CanSecWest 2009, according to Trustwave. A fix was issued shortly after by Sun Microsystems. Fast-forward to March 2018, when Trustwave disclosed it had found loopholes in the patch.
On July 17, Oracle released three patches to mitigate against the vulnerability as part of its July patching schedule. On Tuesday, Trustwave and Oracle publicly disclosed the vulnerability (CVE-2018-2892).