Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Opensolaris | Sun | * | * |
| Opensolaris | Sun | * | build_snv_95 (including) |
| Opensolaris | Sun | build_snv_01 (including) | build_snv_01 (including) |
| Opensolaris | Sun | build_snv_02 (including) | build_snv_02 (including) |
| Opensolaris | Sun | build_snv_13 (including) | build_snv_13 (including) |
| Opensolaris | Sun | build_snv_19 (including) | build_snv_19 (including) |
| Opensolaris | Sun | build_snv_22 (including) | build_snv_22 (including) |
| Opensolaris | Sun | build_snv_64 (including) | build_snv_64 (including) |
| Opensolaris | Sun | build_snv_88 (including) | build_snv_88 (including) |
| Opensolaris | Sun | build_snv_89 (including) | build_snv_89 (including) |
| Opensolaris | Sun | build_snv_91 (including) | build_snv_91 (including) |
| Opensolaris | Sun | build_snv_92 (including) | build_snv_92 (including) |
| Solaris | Sun | 8 (including) | 8 (including) |
| Solaris | Sun | 9 (including) | 9 (including) |
| Solaris | Sun | 10 (including) | 10 (including) |
| Sunos | Sun | 5.8 (including) | 5.8 (including) |
| Sunos | Sun | 5.9 (including) | 5.9 (including) |
| Sunos | Sun | 5.10 (including) | 5.10 (including) |