CVE-2004-2686
Solaris 2.6, 7, 8, 9 - Local Path Traversal via VFS System Calls
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2686. PoCs published by Sinan Eren.
AI-analyzed exploit summary The provided text describes a local privilege escalation vulnerability in Sun Solaris due to insufficient sanitization in the vfs_getvfssw() function, allowing attackers to load arbitrary kernel modules via directory traversal in mount() or sysfs() system calls. No actual exploit code is included, only a reference to a binary exploit.
Description
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
Exploits (1)
The provided text describes a local privilege escalation vulnerability in Sun Solaris due to insufficient sanitization in the vfs_getvfssw() function, allowing attackers to load arbitrary kernel modules via directory traversal in mount() or sysfs() system calls. No actual exploit code is included, only a reference to a binary exploit.