Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0964Improper Restriction of Operations within the Bounds of a Memory Buffer in Opensolaris

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
28.6%
top 3.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SUN OpensolarisSUN SolarisSUN Sunos
Timeline
PublishedAug 8
Latest updateMay 1

Description

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDsun/opensolarisbuild_snv_95+10
NVDsun/solaris10, 8, 9+2
NVDsun/sunos5.10, 5.8, 5.9+2

🔴Vulnerability Details

2
GHSA
GHSA-xqwr-9jf2-gqww: Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote2022-05-01
CVEList
CVE-2008-0964: Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote2008-08-08

💥Exploits & PoCs

1
Exploit-DB
Sun Solaris 10 - snoop(1M) Utility Remote Command Execution2008-08-29
CVE-2008-0964 — SUN Opensolaris vulnerability | cvebase