PT-2008-6741 · Oracle · Opensolaris+1

Tobias Klein · Published 2008-12-19 · Updated 2018-10-11 · CVE-2008-5689

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Solaris 10 and OpenSolaris snv 01 through snv 76

Description: The issue allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request. This request triggers a NULL pointer dereference in the tun in IP Tunnel component.

Recommendations: For Solaris 10 and OpenSolaris snv 01 through snv 76, consider restricting access to the tun in IP Tunnel component to minimize the risk of exploitation. As a temporary workaround, avoid using the SIOCGTUNPARAM IOCTL request until a patch is available.


Related Identifiers

CVE-2008-5689

Affected Products

Opensolaris
Solaris