Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5689 — Opensolaris vulnerability

CWE-3994 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 54.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Opensolaris SUN Solaris

Timeline

PublishedDec 19

Latest updateMay 14

Description

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/opensolaris79 versions+78

▶NVDsun/solaris10.0

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-vcjp-2g6v-4gp6: tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbi↗2022-05-14

▶

CVEList

CVE-2008-5689: tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbi↗2008-12-19

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel (Solaris 10 / < 5.10 138888-01) - Local Privilege Escalation↗2011-01-10

▶