Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3824Integer Underflow (Wrap or Wraparound) in Solaris

6 documents5 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 51.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Solaris
Timeline
PublishedJul 25
Latest updateMay 1

Description

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

NVDsun/solaris10.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-x7v7-qmr7-45r2: systeminfo2022-05-01
CVEList
CVE-2006-3824: systeminfo2006-07-25

💥Exploits & PoCs

2
Exploit-DB
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)2006-08-22
Exploit-DB
Solaris 10 - 'sysinfo()' Local Kernel Memory Disclosure (1)2006-07-24

💬Community

1
Bugzilla
CVE-2007-5977 XSS in db_create2007-11-15
CVE-2006-3824 — Integer Underflow (Wrap or Wraparound) | cvebase