CVE-2004-2686
Published: 2004-12-31
Priority: P425 | Severity: high | CVSS 2.0 score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.17% (63.4th percentile)
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
| sun | sunos | — | — |
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/bugtraq/2004/Apr/0081.html
http://securitytracker.com/id?1008833
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html
http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf
http://www.securityfocus.com/bid/9962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381