CVE-2018-1165

Name of the Vulnerable Software and Affected Versions: Joyent SmartOS versions prior to release-20170803-20170803T064301Z

Description: The issue is related to a heap-based buffer overflow in the SMB IOC SVCENUM function of Joyent SmartOS, caused by insufficient validation of user-supplied data length before copying it to a fixed-length buffer. This can be exploited by local attackers to escalate privileges and execute arbitrary code under the context of the host OS. An attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations: For Joyent SmartOS versions prior to release-20170803-20170803T064301Z, consider restricting access to the SMB IOC SVCENUM IOCTL until a patch is available. As a temporary workaround, limiting the ability to execute low-privileged code on the system can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.