CVE-2007-1189

Alcatel-Lucent Bell Labs Plan 9 - Memory Corruption

Title source: llm

Description

Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Don Bailey · clocalplan9

https://www.exploit-db.com/exploits/3383

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/22749

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3383

[Exploit] http://kernelspace.us/itheft.c

[Third Party Advisory, VDB Entry] http://osvdb.org/34956

[Exploit] http://lists.immunitysec.com/pipermail/dailydave/2007-February/004118.html

Scores

EPSS 0.0025

EPSS Percentile 48.7%

Details

Status published

Products (1)

bell_labs/plan_9

Published Mar 02, 2007

Tracked Since Feb 18, 2026