CVE-2020-14871

10.0 CRITICAL

📋 TL;DR

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authentication Module (PAM) that allows unauthenticated remote attackers to execute arbitrary code with root privileges. It affects Oracle Solaris versions 10 and 11 (specifically versions before 11.1 and ZFSSA before 8.7). Successful exploitation results in complete system compromise.

💻 Affected Systems

Products:
  • Oracle Solaris
Versions: Solaris 10, Solaris 11 (specifically versions before 11.1), ZFSSA (versions before 8.7)
Operating Systems: Oracle Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Solaris 11.1 and later, and ZFSSA 8.7 and later are NOT vulnerable. The vulnerability is in the PAM component used by SunSSH.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover - attacker gains root access, can install persistent backdoors, exfiltrate all data, and use the system as a pivot point for further attacks.

🟠 Likely Case: Remote root compromise leading to data theft, ransomware deployment, or system destruction.

🟢 If Mitigated: No impact if systems are patched or running non-vulnerable versions (Solaris 11.1+ or ZFSSA 8.7+).

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation via network protocols makes internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internal systems are exposed to any network-accessible attacker, because exploitation requires no authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit proofs-of-concept exist on Packet Storm and other sources. The vulnerability is easily exploitable with publicly available tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Solaris 11.1 or later, ZFSSA 8.7 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2020.html

Restart Required: Yes

Instructions:

1. Apply the Oracle Critical Patch Update for October 2020.
2. Upgrade to Solaris 11.1 or later.
3. For ZFSSA, upgrade to 8.7 or later.
4. Restart affected services or reboot the system.

🔧 Temporary Workarounds

Disable SunSSH or restrict access

Temporarily disable the SunSSH service, or restrict network access to port 22 to trusted sources only. Solaris has no iptables; its host firewall on the affected releases is IP Filter (ipf), so the filter rules below use ipf.conf syntax (TRUSTED_IP is a placeholder for your management address or range):

svcadm disable ssh
# /etc/ipf/ipf.conf (IP Filter): allow SSH only from TRUSTED_IP, block every other source
pass in quick proto tcp from TRUSTED_IP to any port = 22 keep state
block in quick proto tcp from any to any port = 22
svcadm enable network/ipfilter
ipf -Fa -f /etc/ipf/ipf.conf

Use alternative SSH implementation

Replace SunSSH with OpenSSH or another SSH implementation. On Solaris 11 the OpenSSH package is selected through the ssh mediator and served by the same svc:/network/ssh service, so there is no separate "openssh" service to enable (this assumes a release whose package repository ships openssh):

pkg install openssh
pkg set-mediator -I openssh ssh
svcadm restart ssh

🧯 If You Can't Patch

  • Isolate affected systems in separate network segments with strict firewall rules
  • Implement network-based intrusion prevention systems (IPS) with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Solaris version with uname -a and confirm whether it reports Solaris 10, or Solaris 11 before 11.1. Check whether SunSSH is running with svcs ssh.

Check Version:

uname -a

Verify Fix Applied:

Verify that the system is running Solaris 11.1 or later with uname -a. Check that the October 2020 patches are applied with showrev -p | grep 2020.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts with malformed usernames in /var/log/authlog
  • Sudden root privilege escalation in audit logs
  • Unusual SSH connection patterns

Network Indicators:

  • Unusual SSH traffic patterns, especially with malformed packets
  • Connection attempts with specially crafted usernames exceeding normal length

SIEM Query:

(source="authlog" AND ("authentication failure" OR ("pam_" AND "buffer"))) OR (source="netflow" AND dest_port=22 AND packet_size>normal)
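As an added example (not part of this advisory and not Oracle's tooling), the following Python script applies the log indicators above to a handful of constructed authlog lines: it parses failed SSH login records, flags any whose username is implausibly long, and reports sources that produce a burst of failures within a short window. The syslog message layout, the thresholds, the assumed log year and the sample lines are all assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Thresholds are assumptions for this example, not values from the advisory.
MAX_SANE_USERNAME = 128   # real login names are far shorter than this
BURST_THRESHOLD = 5       # failed logins from one source within BURST_WINDOW_SEC
BURST_WINDOW_SEC = 60
LOG_YEAR = 2020           # syslog timestamps carry no year; assumed here

# Matches sshd "Failed <method> for [invalid user] <name> from <ip> port <n>" lines.
# The optional "[ID nnn auth.info]" tag is the Solaris syslog message-ID prefix.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?:\[ID \d+ \S+\] )?Failed \S+ for (?:invalid user )?(?P<user>.*?) "
    r"from (?P<src>\S+) port \d+"
)

def parse_failed_login(line):
    """Return {"ts", "user", "src"} for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return {"ts": ts, "user": m.group("user"), "src": m.group("src")}

def find_long_usernames(events, limit=MAX_SANE_USERNAME):
    """Failed logins whose username is implausibly long (malformed-username indicator)."""
    return [e for e in events if len(e["user"]) > limit]

def find_bursts(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW_SEC):
    """Sources with at least `threshold` failures inside any `window`-second span.
    Returns {source_ip: peak_count}."""
    times_by_src = defaultdict(list)
    for e in events:
        times_by_src[e["src"]].append(e["ts"])
    bursts = {}
    for src, times in times_by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # slide the window start forward until the span fits inside `window` seconds
            while (times[end] - times[start]).total_seconds() > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[src] = max(bursts.get(src, 0), count)
    return bursts

def analyse_authlog(lines):
    """Run both detectors over raw authlog lines and summarise the findings."""
    events = [e for e in (parse_failed_login(line) for line in lines) if e]
    return {
        "failed_logins": len(events),
        "long_usernames": find_long_usernames(events),
        "bursts": find_bursts(events),
    }

# Constructed sample lines (not from a real host): one success, one ordinary
# failure, one failure carrying a 600-byte username, and six rapid failures
# from a single source.
SAMPLE_AUTHLOG = [
    "Nov  3 10:15:21 sol11 sshd[2231]: [ID 800047 auth.info] Accepted publickey "
    "for admin from 192.0.2.10 port 50112 ssh2",
    "Nov  3 10:15:40 sol11 sshd[2240]: [ID 800047 auth.info] Failed keyboard-interactive "
    "for invalid user guest from 198.51.100.7 port 40211 ssh2",
    "Nov  3 10:15:41 sol11 sshd[2240]: [ID 800047 auth.info] Failed keyboard-interactive "
    "for invalid user " + "A" * 600 + " from 198.51.100.7 port 40211 ssh2",
] + [
    f"Nov  3 10:16:{s:02d} sol11 sshd[{2250 + s}]: [ID 800047 auth.info] Failed password "
    f"for invalid user test{s} from 203.0.113.9 port {41000 + s} ssh2"
    for s in range(0, 12, 2)
]

if __name__ == "__main__":
    report = analyse_authlog(SAMPLE_AUTHLOG)
    print(f"failed logins parsed: {report['failed_logins']}")
    for e in report["long_usernames"]:
        print(f"LONG USERNAME ({len(e['user'])} bytes) from {e['src']} at {e['ts']}")
    for src, n in report["bursts"].items():
        print(f"BURST: {n} failures from {src} within {BURST_WINDOW_SEC}s")
```

Point it at a real file with `analyse_authlog(open("/var/log/authlog").readlines())`; the username regex stops at the first " from " after the name, so a crafted name containing that token would be truncated rather than missed, and the length check still fires on anything over the limit.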
