CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://www.oracle.com/security-alerts/cpuapr2020.html https://zerodayinitiative.com/advisories/ZDI-18-158 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9039
https://notcve.org/view.php?id=CVE-2016-9039
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service. Existe una denegación de servicio explotable en el sistema de archivos Hyprlofs de Joyent SmartOS 20161110T013148Z. • http://www.securityfocus.com/bid/95916 http://www.talosintelligence.com/reports/TALOS-2016-0257 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-8733
https://notcve.org/view.php?id=CVE-2016-8733
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031. Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlofs. • http://www.securityfocus.com/bid/94920 http://www.talosintelligence.com/reports/TALOS-2016-0248 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9032
https://notcve.org/view.php?id=CVE-2016-9032
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034. Existe un desbordamiento de búfer explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlofs. • http://www.securityfocus.com/bid/94923 http://www.talosintelligence.com/reports/TALOS-2016-0250 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9034
https://notcve.org/view.php?id=CVE-2016-9034
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032. Existe un desbordamiento de búfer explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlofs. • http://www.securityfocus.com/bid/94930 http://www.talosintelligence.com/reports/TALOS-2016-0252 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •