CVE-2006-3824

Sun Solaris - Info Disclosure

Title source: llm

Description

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Marco Ivaldi · clocalsolaris

https://www.exploit-db.com/exploits/2241

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by prdelka · clocalsolaris

https://www.exploit-db.com/exploits/2067

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016555

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/440849/100/100/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2936

[Third Party Advisory] http://secunia.com/advisories/21148

[Various Sources] http://www.idefense.com/intelligence/vulnerabilities/display.php?id=410

[Exploit, Patch] http://www.securityfocus.com/bid/19104

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-102343-1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/440986/100/100/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27901

Scores

EPSS 0.0026

EPSS Percentile 49.0%

Details

Status published

Products (1)

sun/solaris 10.0 (2 CPE variants)

Published Jul 25, 2006

Tracked Since Feb 18, 2026