Описание
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Vendor Advisory
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00027
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
EPSS
Процентиль: 6%
0.00027
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other