14 matches found
CVE-2012-0217
CVE-2012-0217 affects the x86-64 kernel sysret path across multiple platforms (Xen 4.1.2 and earlier, XenServer 6.0.2 and earlier, Solaris 11 and earlier, illumos before r13724, FreeBSD before 9.0-RELEASE-p3, NetBSD 6.0 Beta and earlier, Windows Server 2008 R2/R2 SP1/Windows 7 SP1, and others). T...
CVE-2021-43395
CVE-2021-43395 affects illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS CE r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923, plus Oracle Solaris 10/11. The issue allows a local unprivileged user to trigger a deadlock and kernel panic by issuing crafted rename and rmdir op...
CVE-2018-1171
The CVE-2018-1171 entry concerns Joyent SmartOS release-20170803. An attacker who can run low-privileged code on the target can exploit a flaw in the DTrace DOF handling to write past the end of an allocated object, enabling local privilege escalation and code execution under the host OS. Root ca...
CVE-2016-9034
Joyent SmartOS Hyprlofs IOCTL vulnerability (CVE-2016-9034) is a local buffer overflow in the HYPRLOFS_ADD_ENTRIES path for 32-bit/native file systems. Root cause: a length check uses > MAXPATHLEN instead of >=, allowing nm[e[i].hle_nlen] to be written out of bounds and enabling a potential...
CVE-2016-9039
CVE-2016-9039 affects Joyent SmartOS Hyprlofs fs. The vulnerability exists in the IOCTL HYPRLOFS_ADD_ENTRIES path where buffers are allocated (kmem_alloc) and may not be freed on error, enabling memory exhaustion through repeated exploitation and resulting in a denial of service on affected Smart...
CVE-2016-8733
CVE-2016-8733 concerns Joyent SmartOS, specifically the Hyprlofs file system. The vulnerability resides in the Ioctl handling path for HYPRLOFS_ADD_ENTRIES when dealing with native/file-system data models. A user-supplied length (an unsigned integer) is cast to a signed int, bypassing an upper bo...
CVE-2016-9033
Joyent SmartOS Hyprlofs file system contains a local buffer overflow in the Ioctl HYPRLOFS_ADD_ENTRIES path. The vulnerability arises in hyprlofs_vnops.c where a stack-allocated path buffer size MAXPATHLEN (1024) can be overrun due to a length check of e[i].hle_plen using > MAXPATHLEN instead ...
CVE-2016-9032
CVE-2016-9032 is a local privilege-escalation vulnerability in Joyent SmartOS (hyprlofs) exploiting a buffer overflow in the Hyprlofs file system via IOCTL HYPRLOFS_ADD_ENTRIES. Details describe a vulnerable stack buffer of size MAXPATHLEN (1024) and a bug where the nlen check uses > MAXPATHLE...
CVE-2016-9031
Affected: Joyent SmartOS Hyprlofs IOCTL path. Vulnerability in HYPRLOFS_ADD_ENTRIES (32-bit/native path) where user-supplied length is cast from unsigned to signed, bypassing length checks and causing a large allocation, leading to NULL-page write and potential privilege escalation. Impact: kerne...
CVE-2016-9035
CVE-2016-9035 affects Joyent SmartOS Hyprlofs IOCTL path handling. The vulnerability arises in the HYPRLOFS_ADD_ENTRIES path where a stack buffer path[MAXPATHLEN] can be overflowed due to an off-by-one check: e.g., a user length greater than MAXPATHLEN is rejected, but lengths equal to MAXPATHLEN...
CVE-2016-9040
CVE-2016-9040 : Joyent SmartOS Hyprlofs IOCTL ADD_ENTRIES (32-bit) vulnerability. Hyprlofs_ioctl allocates a buffer (len based on user input) and may not free it on all paths, enabling memory exhaustion and full system DoS with repeated calls. Affected: SmartOS 20161110T013148Z Hyprlofs file syst...
CVE-2018-1165
CVE-2018-1165 affects Joyent SmartOS release-20170803 (and related SmartOS builds) with a heap-based buffer overflow in the SMB_IOC_SVCENUM IOCTL. The root cause is missing validation of user-supplied data length before copying to a fixed-length heap buffer, enabling a local attacker who can run ...
CVE-2018-1166
CVE-2018-1166 affects Joyent SmartOS release-20170803… and is tied to the SMBIOC_TREE_RELE ioctl. The root cause is a lack of validation of an object’s existence before performing operations on it, enabling a local attacker who can run low-privileged code to escalate privileges and execute code w...
CVE-2020-27678
CVE-2020-27678 affects illumos up to 2020-10-22 (as used in OmniOS prior to r151030by, r151032ay, r151034y and SmartOS prior to 20201022). The issue is a buffer overflow in parse_user_name within lib/libpam/pam_framework.c. Connected records corroborate this across NVD and vendor pages, confirmin...