Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1296

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-1296
Last Modified 10 Sep 2008 03:14:16
Published 23 Dec 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1296

Summary

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

Vulnerable Systems

Operating System

  • Sun Solaris 2.5.1

  • Sun Solaris 2.6

  • Sun Solaris 7.0

  • Sun Solaris 8.0

  • Sun Solaris 9.0


References

CERT-VN - VU#683673

CONFIRM - http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131

XF - solaris-priocntl-pcclname-modules(10717)

BID - 6262

BUGTRAQ - 20021127 Solaris priocntl exploit


Last Updated: 27 May 2016 10:37:16