CVE-2008-0965Use of Externally-Controlled Format String in Opensolaris

CWE-134Use of Externally-Controlled Format String3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
16.3%
top 5.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SUN OpensolarisSUN SolarisSUN Sunos
Timeline
PublishedAug 8
Latest updateMay 1

Description

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDsun/opensolarisbuild_snv_95+10
NVDsun/solaris10, 8, 9+2
NVDsun/sunos5.10, 5.8, 5.9+2

🔴Vulnerability Details

2
GHSA
GHSA-8frx-mxpf-4r9p: Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote2022-05-01
CVEList
CVE-2008-0965: Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote2008-08-08
CVE-2008-0965 — SUN Opensolaris vulnerability | cvebase