This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HJoyent Smartos
OSJoyent20170803Oracle Solaris
OSOracle11Oracle Zfs Storage Appliance
OSOracle8.8
Related vulnerabilities
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The...
RCE w IBM WebSphere Application Server przez niebezpieczną deserializację
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 thr...