CVE-2002-1296Path Traversal in Solaris

3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SUN SolarisSUN Sunos
Timeline
PublishedDec 23
Latest updateApr 30

Description

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDsun/solaris4 versions+3
NVDsun/sunos5.5.1, 5.7, 5.8+2

Patches

Patch: sunsolve.sun.comPatch: www.kb.cert.orgPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-2r2c-grqr-jcvc: Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via "2022-04-30
CVEList
CVE-2002-1296: Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via "2004-09-01
CVE-2002-1296 — Path Traversal in SUN Solaris | cvebase