Joyent SmartOS dtrace Information Disclosure Vulnerability

2016-05-04T00:00:00
ID ZDI-16-274
Type zdi
Reporter Ben Murphy
Modified 2016-11-09T00:00:00

Description

This vulnerability allows local attackers to disclose information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the dtrace implementation in SmartOS. A function within this implementation allows for arbitrary reads from kernel space. This allows an attacker to read arbitrary memory from the headnode where the zone resides.