Vulnerabilities > CVE-2008-5689 - Resource Management Errors vulnerability in SUN Opensolaris and Solaris

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sun

CWE-399

exploit available

NVD

Published: 2008-12-19

Updated: 2018-10-11

Summary

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. Complete system compromise only affects x86 platforms (http://www.trapkit.de/advisories/TKADV2008-015.txt)

Vulnerable Configurations

Part	Description	Count
OS	Sun SUN Opensolaris Snv_01 SUN Opensolaris Snv_02 SUN Opensolaris Snv_03 SUN Opensolaris Snv_04 SUN Opensolaris Snv_05 SUN Opensolaris Snv_06 SUN Opensolaris Snv_07 SUN Opensolaris Snv_08 SUN Opensolaris Snv_09 SUN Opensolaris Snv_10 SUN Opensolaris Snv_11 SUN Opensolaris Snv_12 SUN Opensolaris Snv_13 SUN Opensolaris Snv_14 SUN Opensolaris Snv_15 SUN Opensolaris Snv_16 SUN Opensolaris Snv_17 SUN Opensolaris Snv_18 SUN Opensolaris Snv_19 SUN Opensolaris Snv_20 SUN Opensolaris Snv_21 SUN Opensolaris Snv_22 SUN Opensolaris Snv_23 SUN Opensolaris Snv_24 SUN Opensolaris Snv_25 SUN Opensolaris Snv_26 SUN Opensolaris Snv_27 SUN Opensolaris Snv_28 SUN Opensolaris Snv_29 SUN Opensolaris Snv_30 SUN Opensolaris Snv_31 SUN Opensolaris Snv_32 SUN Opensolaris Snv_33 SUN Opensolaris Snv_34 SUN Opensolaris Snv_35 SUN Opensolaris Snv_36 SUN Opensolaris Snv_37 SUN Opensolaris Snv_38 SUN Opensolaris Snv_39 SUN Opensolaris Snv_40 SUN Opensolaris Snv_41 SUN Opensolaris Snv_42 SUN Opensolaris Snv_43 SUN Opensolaris Snv_44 SUN Opensolaris Snv_45 SUN Opensolaris Snv_46 SUN Opensolaris Snv_47 SUN Opensolaris Snv_48 SUN Opensolaris Snv_49 SUN Opensolaris Snv_50 SUN Opensolaris Snv_51 SUN Opensolaris Snv_52 SUN Opensolaris Snv_53 SUN Opensolaris Snv_54 SUN Opensolaris Snv_55 SUN Opensolaris Snv_56 SUN Opensolaris Snv_57 SUN Opensolaris Snv_58 SUN Opensolaris Snv_59 SUN Opensolaris Snv_60 SUN Opensolaris Snv_61 SUN Opensolaris Snv_62 SUN Opensolaris Snv_63 SUN Opensolaris Snv_64 SUN Opensolaris Snv_65 SUN Opensolaris Snv_66 SUN Opensolaris Snv_67 SUN Opensolaris Snv_68 SUN Opensolaris Snv_69 SUN Opensolaris Snv_70 SUN Opensolaris Snv_71 SUN Opensolaris Snv_72 SUN Opensolaris Snv_73 SUN Opensolaris Snv_74 SUN Opensolaris Snv_75 SUN Opensolaris Snv_76 SUN Opensolaris Snv_100 SUN Opensolaris Snv_101 SUN Opensolaris Snv_102 SUN Solaris 10.0	160

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	Linux Kernel Solaris < 5.10 138888-01 - Local Root Exploit. CVE-2008-568. Local exploit for solaris platform
file	exploits/solaris/local/15962.c
id	EDB-ID:15962
last seen	2016-02-01
modified	2011-01-10
platform	solaris
port
published	2011-01-10
reporter	peri.carding
source	https://www.exploit-db.com/download/15962/
title	Linux Kernel Solaris < 5.10 138888-01 - Local Root Exploit
type	local

Oval

accepted

2009-02-16T04:00:23.987-05:00

class

vulnerability

contributors

name	Michael Wood
organization	Hewlett-Packard

definition_extensions

comment Solaris 10 (SPARC) is installed
oval oval:org.mitre.oval:def:1440
comment Solaris 10 (x86) is installed
oval oval:org.mitre.oval:def:1926

description

family

unix

oval:org.mitre.oval:def:5949

status

accepted

submitted

2009-01-05T16:39:26.000-05:00

title

Security Vulnerability in Solaris IP Tunnel Parameter Processing May Lead to a System Panic or Possible Execution of Arbitrary Code by Unprivileged Users

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Oval

References