Published: 31/12/2004 Updated: 30/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun solaris 8.0
sun sunos 5.9
sun solaris 9.0
sun sunos -
sun solaris 7.0
sun sunos 5.8
sun solaris 2.6
sun sunos 5.7

source: wwwsecurityfocuscom/bid/9962/info It has been reported that Sun Solaris may be prone to a local privilege escalation vulnerability that may allow an attacker to gain root access to a vulnerable system The issue exists due to insufficient sanitization of user-supplied data via the vfs_getvfssw() function in the Solaris kernel An ...

CWE-22 http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf http://seclists.org/bugtraq/2004/Apr/0081.html http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html http://www.securityfocus.com/bid/9962 http://securitytracker.com/id?1008833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381 https://nvd.nist.gov https://www.exploit-db.com/exploits/23874/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-2686

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect