CVE-2008-2710

Name of the Vulnerable Software and Affected Versions Sun Solaris 10 and OpenSolaris before snv 92

Description The issue is caused by an integer signedness error in the ip set srcfilter function in the IP Multicast Filter. This error allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf numsrc field. The error triggers an out-of-bounds write of kernel memory.

Recommendations For Sun Solaris 10 and OpenSolaris before snv 92, consider restricting access to the SIOCSIPMSFILTER IOCTL request to minimize the risk of exploitation. As a temporary workaround, limit the value of the imsf numsrc field to prevent out-of-bounds writes. At the moment, there is no information about a newer version that contains a fix for this issue.