Vigil@nce: Solaris, code execution via snoop
August 2008 by Vigil@nce
SYNTHESIS
An attacker can send a malicious packet to generate a buffer
overflow in order to execute code.
Gravity: 2/4
Consequences: privileged access/rights
Provenance: LAN
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 06/08/2008
Identifier: VIGILANCE-VUL-7998
IMPACTED PRODUCTS
– OpenSolaris [confidential versions]
– Sun Solaris [confidential versions]
– Sun Trusted Solaris [confidential versions]
DESCRIPTION
The "snoop" tool is used to capture and display packets from
device interfaces.
The SMB protocol enables the dialog with Microsoft shared sources.
A malicious SMB packet can generate a buffer overflow in snoop
application.
An attacker can therefore send a malicious SMB packet to create a
buffer overflow and thus execute code.
CHARACTERISTICS
Identifiers: 240101, 6655168, CVE-2008-0964, CVE-2008-0965,
VIGILANCE-VUL-7998