ID CVE-2008-2710
Summary Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:opensolaris:10
    cpe:2.3:o:sun:opensolaris:10
  • cpe:2.3:o:sun:solaris:10:-:sparc
    cpe:2.3:o:sun:solaris:10:-:sparc
  • Sun SunOS (formerly Solaris)
    cpe:2.3:o:sun:sunos
CVSS
Base: 7.2 (as of 17-06-2008 - 12:50)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
oval via4
accepted 2008-07-28T04:00:24.214-04:00
class vulnerability
contributors
name Todd Dolinsky
organization Hewlett-Packard
definition_extensions
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
family unix
id oval:org.mitre.oval:def:5731
status accepted
submitted 2008-06-17T14:54:16.000-04:00
title A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code
version 31
refmap via4
bid 29699
misc http://www.trapkit.de/advisories/TKADV2008-003.txt
sectrack 1020283
secunia 30693
sunalert 237965
vupen ADV-2008-1832
xf sun-solaris-ipsetsrcfilter-code-execution(43068)
Last major update 07-03-2011 - 22:09
Published 16-06-2008 - 16:41
Last modified 30-10-2018 - 12:25
Back to Top