CVE-2008-5689

OpenSolaris snv_01-snv_76 - Denial of Service via SIOCGTUNPARAM IOCTL Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5689. PoCs published by peri.carding.

AI-analyzed exploit summary This exploit leverages a Solaris kernel vulnerability (CVE-2008-5689) to achieve local privilege escalation by manipulating kernel structures via a crafted ioctl call, leading to arbitrary code execution with root privileges.

Description

tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC
by peri.carding · clocalsolaris
https://www.exploit-db.com/exploits/15962

This exploit leverages a Solaris kernel vulnerability (CVE-2008-5689) to achieve local privilege escalation by manipulating kernel structures via a crafted ioctl call, leading to arbitrary code execution with root privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Solaris 10 without patch 138888-01 (SPARC) / 138889-01 (x86), OpenSolaris < snv_77
No auth needed
Prerequisites: Local access to a vulnerable Solaris system · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242266-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021464
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4801
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5949
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47449
Various Sources x_refsource_misc
http://www.trapkit.de/advisories/TKADV2008-015.txt
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15962
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3454
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499352/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32904
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33160

Scores

EPSS 0.0125
EPSS Percentile 65.4%

Details

CWE
CWE-399
Status published
Products (25)
sun/opensolaris snv_01 (2 CPE variants)
sun/opensolaris snv_02 (2 CPE variants)
sun/opensolaris snv_03 (2 CPE variants)
sun/opensolaris snv_04 (2 CPE variants)
sun/opensolaris snv_05 (2 CPE variants)
sun/opensolaris snv_06 (2 CPE variants)
sun/opensolaris snv_07 (2 CPE variants)
sun/opensolaris snv_08 (2 CPE variants)
sun/opensolaris snv_09 (2 CPE variants)
sun/opensolaris snv_10 (2 CPE variants)
... and 15 more
Published Dec 19, 2008
Tracked Since Feb 18, 2026