Vulnerabilities > CVE-2008-5689 - Resource Management Errors vulnerability in SUN Opensolaris

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
sun
CWE-399
exploit available
NVD
Published: 2008-12-19
Updated: 2024-11-21

Summary

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

Vulnerable Configurations

Part Description Count
OS
Sun
160

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionLinux Kernel Solaris < 5.10 138888-01 - Local Root Exploit. CVE-2008-568. Local exploit for solaris platform
fileexploits/solaris/local/15962.c
idEDB-ID:15962
last seen2016-02-01
modified2011-01-10
platformsolaris
port
published2011-01-10
reporterperi.carding
sourcehttps://www.exploit-db.com/download/15962/
titleLinux Kernel Solaris < 5.10 138888-01 - Local Root Exploit
typelocal

Oval

accepted2009-02-16T04:00:23.987-05:00
classvulnerability
contributors
nameMichael Wood
organizationHewlett-Packard
definition_extensions
  • commentSolaris 10 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1440
  • commentSolaris 10 (x86) is installed
    ovaloval:org.mitre.oval:def:1926
descriptiontun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
familyunix
idoval:org.mitre.oval:def:5949
statusaccepted
submitted2009-01-05T16:39:26.000-05:00
titleSecurity Vulnerability in Solaris IP Tunnel Parameter Processing May Lead to a System Panic or Possible Execution of Arbitrary Code by Unprivileged Users
version35

References