CVE-2020-27678
https://notcve.org/view.php?id=CVE-2020-27678
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. Se detectó un problema en illumos antes del 22-10-2020, como es usado en OmniOS versiones anteriores a r151030by, r151032ay y r151034y y SmartOS versiones anteriores a 20201022. Se presenta un desbordamiento de búfer en la función parse_user_name en la biblioteca lib/libpam/pam_framework.c • https://github.com/illumos/illumos-gate/commit/1d276e0b382cf066dae93640746d8b4c54d15452 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2016-9040
https://notcve.org/view.php?id=CVE-2016-9040
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service. Existe una denegación de servicio (DoS) explotable en el sistema de archivos Hyprlofs de Joyent SmartOS OS 20161110T013148Z. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-1171 – Joyent SmartOS DTrace DOF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1171
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104799 http://www.securitytracker.com/id/1041303 https://help.joyent.com/hc/en-us/articles/360000608188 https://zerodayinitiative.com/advisories/ZDI-18-236 • CWE-787: Out-of-bounds Write •
CVE-2018-1166 – Joyent SmartOS SMBIOC_TREE_RELE Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1166
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://zerodayinitiative.com/advisories/ZDI-18-159 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://www.oracle.com/security-alerts/cpuapr2020.html https://zerodayinitiative.com/advisories/ZDI-18-158 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •