Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opensolaris | Sun | * | * |
| Opensolaris | Sun | * | build_snv_95 (including) |
| Opensolaris | Sun | build_snv_01 (including) | build_snv_01 (including) |
| Opensolaris | Sun | build_snv_02 (including) | build_snv_02 (including) |
| Opensolaris | Sun | build_snv_13 (including) | build_snv_13 (including) |
| Opensolaris | Sun | build_snv_19 (including) | build_snv_19 (including) |
| Opensolaris | Sun | build_snv_22 (including) | build_snv_22 (including) |
| Opensolaris | Sun | build_snv_64 (including) | build_snv_64 (including) |
| Opensolaris | Sun | build_snv_88 (including) | build_snv_88 (including) |
| Opensolaris | Sun | build_snv_89 (including) | build_snv_89 (including) |
| Opensolaris | Sun | build_snv_91 (including) | build_snv_91 (including) |
| Opensolaris | Sun | build_snv_92 (including) | build_snv_92 (including) |
| Solaris | Sun | 8 (including) | 8 (including) |
| Solaris | Sun | 9 (including) | 9 (including) |
| Solaris | Sun | 10 (including) | 10 (including) |
| Sunos | Sun | 5.8 (including) | 5.8 (including) |
| Sunos | Sun | 5.9 (including) | 5.9 (including) |
| Sunos | Sun | 5.10 (including) | 5.10 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=735
- http://secunia.com/advisories/31386
- http://secunia.com/advisories/31535
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=766935
- http://www.securityfocus.com/bid/30556
- http://www.securitytracker.com/id?1020633
- http://www.vupen.com/english/advisories/2008/2311
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5742
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=735
- http://secunia.com/advisories/31386
- http://secunia.com/advisories/31535
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-240101-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=766935
- http://www.securityfocus.com/bid/30556
- http://www.securitytracker.com/id?1020633
- http://www.vupen.com/english/advisories/2008/2311
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44415
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5742