Solaris loadable kernel module directory traversal

Added: 06/22/2007
CVE: CVE-2004-1767
BID: 9477
OSVDB: 15128

Background

Loadable kernel modules are programs which can be dynamically loaded into the kernel.

Problem

A directory traversal vulnerability in the vfs_getvfssw function in the Solaris kernel allows unprivileged users to load their own kernel modules through a specially crafted mount or sysfs system call, leading to privilege elevation.

Resolution

Apply the patch referenced in Sun Alert 57479.

References

http://www.kb.cert.org/vuls/id/702526

Platforms

SunOS / Solaris

Back to exploit index