Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
PoC: CVE-2020-14871-Exploit
This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems libpam library, and exploitable over ssh
PoC: EvilSunCheck
This is a little Python script to detect the "EvilSun" vulnerability (CVE-2020-14871) on Solaris systems. The vulnerability is a buffer overflow in the Pluggable Authentication Module (PAM) `pam_unix_auth` when handling keyboard-interactive authentication in SSH.
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free