CVE-2016-9035

Name of the Vulnerable Software and Affected Versions Joyent SmartOS version 20161110T013148Z

Description A buffer overflow issue exists in the Hyprlofs file system, specifically in the Ioctl system call with the command HYPRLOFS ADD ENTRIES when handling native file systems. An attacker can craft input to cause a buffer overflow in the path variable, leading to out-of-bounds memory access and potential privilege escalation.

Recommendations For Joyent SmartOS version 20161110T013148Z, as a temporary workaround, consider restricting access to the HYPRLOFS ADD ENTRIES command in the Ioctl system call to minimize the risk of exploitation. Avoid using the path variable in the affected Ioctl system call until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.