One of the Solaris vulnerabilities patched by Oracle with its July 2018 Critical Patch Update (CPU) exists due to an ineffective fix implemented by the company for a flaw first discovered in 2007.
The new vulnerability, identified by researchers at Trustwave and tracked as CVE-2018-2892, impacts the Availability Suite Service component in Oracle Solaris 10 and 11.3.
The security hole has been classified as high severity due to the fact that it allows an attacker to execute code with elevated privileges, but it cannot be exploited remotely without authentication.
“A local kernel ring0 code execution vulnerability exists in the Oracle Solaris AVS kernel component permitting arbitrary code execution and thus privilege escalation,” Trustwave wrote in an advisory. “The issue is the result of a signedness bug in the bounds checking of the ‘SDBC_TEST_INIT’ ioctl code sent to the ‘/dev/sdbc’ device. The result is a call to copyin() with a user controllable destination pointer and length thereby facilitating an arbitrary kernel memory overwrite and thus arbitrary code execution in the context of the kernel.”
According to Trustwave, the vulnerability was originally discovered back in 2007 and its details were disclosed in 2009 at the CanSecWest security conference. The root cause of the issue is a combination of several arbitrary memory dereference bugs and an unbounded memory write bug.
Oracle released a patch sometime after the vulnerability was disclosed, but Trustwave discovered that the fix had been ineffective.
Exploitation of CVE-2018-2892 is “almost identical” to the original flaw, the most significant difference being related to the change in architecture between the open source OpenSolaris running on a 32-bit system and Oracle Solaris 11 running on a 64-bit system. Oracle discontinued OpenSolaris after acquiring Sun Microsystems in 2010.
Researchers believe the new vulnerability may exist due to some code introduced for testing purposes.
Another vulnerability patched by Oracle with its latest CPU is CVE-2018-2893, a critical flaw that allows attackers to remotely take control of WebLogic Server systems. The security hole has already been exploited in the wild to deliver cryptocurrency miners, backdoors and other types of malware.
Related: Oracle Fixes Spectre, Meltdown Flaws With Critical Patch Update
Related: Oracle Patches New Spectre, Meltdown Vulnerabilities
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
Latest News
- Dozens of Malicious Extensions Found in Chrome Web Store
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
