1. CVE-Search
  2. CVE-2008-2710
ID CVE-2008-2710
Summary Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:opensolaris:10:*:*:*:*:*:*:*
    cpe:2.3:o:sun:opensolaris:10:*:*:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:*:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:*:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
    cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2008-07-28T04:00:24.214-04:00
class vulnerability
contributors
name Todd Dolinsky
organization Hewlett-Packard
definition_extensions
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
family unix
id oval:org.mitre.oval:def:5731
status accepted
submitted 2008-06-17T14:54:16.000-04:00
title A Security Vulnerability in IP Multicast Filter processing of Sockets may lead to a system panic or possible execution of Arbitrary Code
version 35
refmap via4
bid 29699
misc http://www.trapkit.de/advisories/TKADV2008-003.txt
sectrack 1020283
secunia 30693
sunalert 237965
vupen ADV-2008-1832
xf sun-solaris-ipsetsrcfilter-code-execution(43068)
Last major update 30-10-2018 - 16:25
Published 16-06-2008 - 20:41
Last modified 30-10-2018 - 16:25
Back to Top