Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARIS_SSH_PAM_CVE-2020-14871.NBIN
HistoryNov 11, 2020 - 12:00 a.m.

Oracle Solaris PAM parse_user_name() buffer overflow (CVE-2020-14871)

2020-11-1100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
230
oracle solaris
pam
buffer overflow
cve-2020-14871
scanner
binary data

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.863

Percentile

98.6%

JSON

The remote SSH server is affected by a security bypass vulnerability due to a flaw in the parse_user_name() function in the Pluggable Authentication Module (PAM). A remote attacker can exploit this, via a crafted keyboard-interactive username string, to execute arbitrary code on the target system.

Binary data solaris_ssh_pam_cve-2020-14871.nbin

Related

cve 1
exploitdb 3
fireeye 5
checkpoint_advisories 1
vulnrichment 1
zdt 4
packetstorm 3
prion 1
nessus 4
cisa_kev 1
cvelist 1
nvd 1
attackerkb 1
metasploit 1
threatpost 2
rapid7blog 2
avleonov 1
qualysblog 1
oracle 1
cve
cve
CVE-2020-14871
2020-10-21 15:15:24
exploitdb
exploitdb
Solaris SunSSH 11.0 x86 - libpam Remote Root
2020-12-15 00:00:00
Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
2021-05-21 00:00:00
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
2021-06-21 00:00:00
fireeye
fireeye
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
2019-04-05 17:00:00
Finding Weaknesses Before the Attackers Do
2019-04-08 16:30:00
In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871
2020-11-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Solaris Buffer Overflow (CVE-2020-14871)
2020-11-11 00:00:00
vulnrichment
vulnrichment
CVE-2020-14871
2020-10-21 14:04:29
zdt
zdt
Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit (3)
2021-06-21 00:00:00
Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit
2021-05-22 00:00:00
SunSSH 11.0 x86 - libpam Remote Root Exploit
2020-12-15 00:00:00
packetstorm
packetstorm
Solaris SunSSH 11.0 x86 libpam Remote Root
2020-12-15 00:00:00
Solaris SunSSH 11.0 Remote Root
2021-06-22 00:00:00
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
2020-12-17 00:00:00
prion
prion
Code injection
2020-10-21 15:15:00
nessus
nessus
Solaris 10 (sparc) : 153074-01
2020-10-20 00:00:00
Oracle Solaris Critical Patch Update : oct2020_SRU11_3_36_23_0
2020-10-21 00:00:00
Solaris 10 (x86) : 153075-01
2020-10-20 00:00:00
cisa_kev
cisa_kev
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2020-14871
2020-10-21 14:04:29
nvd
nvd
CVE-2020-14871
2020-10-21 15:15:24
attackerkb
attackerkb
CVE-2020-14871
2020-10-21 00:00:00
metasploit
metasploit
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
2020-12-07 07:35:13
threatpost
threatpost
Oracle Solaris Zero-Day Attack Revealed
2020-11-03 21:39:58
Oracle Kills 402 Bugs in Massive October Patch Update
2020-10-21 17:21:13
rapid7blog
rapid7blog
Metasploit weekly wrap-up
2023-08-11 15:22:20
Metasploit Wrap-Up
2020-12-18 19:15:21
avleonov
avleonov
Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee
2021-06-28 10:59:53
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.863

Percentile

98.6%

JSON
Related for SOLARIS_SSH_PAM_CVE-2020-14871.NBIN
cve1exploitdb3fireeye5checkpoint_advisories1vulnrichment1zdt4packetstorm3prion1nessus4cisa_kev1cvelist1nvd1attackerkb1metasploit1threatpost2rapid7blog2avleonov1qualysblog1oracle1