CVE-2018-1166

Name of the Vulnerable Software and Affected Versions Joyent SmartOS version release-20170803-20170803T064301Z

Description This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the SMBIOC TREE RELE ioctl, resulting from the lack of validating the existence of an object prior to performing operations on the object. This can be leveraged to execute code under the context of the host OS.

Recommendations For Joyent SmartOS version release-20170803-20170803T064301Z, as a temporary workaround, consider disabling the SMBIOC TREE RELE ioctl until a patch is available. Restrict access to the vulnerable ioctl to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.