Solaris SunSSH libpam buffer overflow

Added: 01/08/2021

Background

SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms.

Problem

A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to SunSSH.

Resolution

Apply the patch referenced in Patch Availability Document 2711819.

References

https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixSUNS
https://www.exploit-db.com/exploits/49261

Limitations

Exploit has been tested on Solaris 11.0. The libssh2 library must be installed on the scanning system.

Platforms

Solaris

Back to exploit index