HIGH🇵🇱 Wersja polska

CVE-2018-1165

CVSS 7.0v3.1pub. 2018-02-21upd. 2024-11-21

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Joyent Smartos

    OS
    Joyent
    20170803
  • Oracle Solaris

    OS
    Oracle
    11
  • Oracle Zfs Storage Appliance

    OS
    Oracle
    8.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...

CVE-2013-2251CRITICAL9.8⚠ KEVten sam produkt

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...

CVE-2026-46978CRITICAL10.0ten sam produkt

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The...

CVE-2025-36038CRITICAL9.0PL ✓ten sam produkt

RCE w IBM WebSphere Application Server przez niebezpieczną deserializację

CVE-2021-39085CRITICAL9.8ten sam produkt

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...