Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via .. sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Solaris | Sun | 2.6 (including) | 2.6 (including) |
| Solaris | Sun | 7.0 (including) | 7.0 (including) |
| Solaris | Sun | 8.0 (including) | 8.0 (including) |
| Solaris | Sun | 9.0 (including) | 9.0 (including) |
| Sunos | Sun | 5.5.1 (including) | 5.5.1 (including) |
| Sunos | Sun | 5.7 (including) | 5.7 (including) |
| Sunos | Sun | 5.8 (including) | 5.8 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103842619803173\u0026w=2
- http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
- http://www.iss.net/security_center/static/10717.php
- http://www.kb.cert.org/vuls/id/683673
- http://www.securityfocus.com/bid/6262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637
- http://marc.info/?l=bugtraq\u0026m=103842619803173\u0026w=2
- http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
- http://www.iss.net/security_center/static/10717.php
- http://www.kb.cert.org/vuls/id/683673
- http://www.securityfocus.com/bid/6262
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637