PT-2008-2572 · Sun · Snoop+2

Gael Delalleau

Published

2008-08-08

Updated

2018-10-30

CVE-2008-0964

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions snoop versions on Sun Solaris 8 through 10 and OpenSolaris before snv 96

Description The issue is related to multiple stack-based buffer overflows in the snoop utility. This occurs when the -o option is omitted and a crafted SMB packet is received, allowing remote attackers to execute arbitrary code.

Recommendations For snoop on Sun Solaris 8 through 10 and OpenSolaris before snv 96, consider using the -o option to mitigate the risk of exploitation. As a temporary workaround, restrict access to the snoop utility until a patch is available.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-0964

Affected Products

Opensolaris

Sun Solaris

Snoop

PT-2008-2572 · Sun · Snoop+2

CVE-2008-0964

Weakness Enumeration

Related Identifiers

Affected Products

References · 13