## https://sploitus.com/exploit?id=SAINT:602E7B75D152A03298E979D20B4F9D15
Added: 01/08/2021  


### Background

[SunSSH](<https://docs.oracle.com/cd/E53394_01/html/E54793/sshuser-6.html>) is a fork of [OpenSSH](<https://www.openssh.com/>) for Solaris. It provides remote login capability on Solaris platforms. 

### Problem

A buffer overflow vulnerability in `libpam` could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to SunSSH. 

### Resolution

Apply the patch referenced in [Patch Availability Document 2711819](<https://support.oracle.com/rs?type=doc&id=2711819.1>). 

### References

<https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixSUNS>  
<https://www.exploit-db.com/exploits/49261>  


### Limitations

Exploit has been tested on Solaris 11.0. The libssh2 library must be installed on the scanning system. 

### Platforms

Solaris