Vulnerabilities > CVE-2002-1296 - Local Root vulnerability in Solaris priocntl() System Call
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 7 |
Oval
| accepted | 2005-03-09T07:56:00.000-04:00 | ||||
| class | vulnerability | ||||
| contributors |
| ||||
| description | Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module. | ||||
| family | unix | ||||
| id | oval:org.mitre.oval:def:3637 | ||||
| status | accepted | ||||
| submitted | 2005-02-01T12:00:00.000-04:00 | ||||
| title | priocntl Directory Traversal Vulnerability | ||||
| version | 35 |
References
- http://marc.info/?l=bugtraq&m=103842619803173&w=2
- http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
- http://www.iss.net/security_center/static/10717.php
- http://www.kb.cert.org/vuls/id/683673
- http://www.securityfocus.com/bid/6262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637