CVE-2009-1478

OpenSolaris < snv_114 - Denial of Service via DTrace ioctl Handlers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1478. PoCs published by mu-b.

AI-analyzed exploit summary This exploit targets a local kernel DoS vulnerability in Solaris >= 10 and OpenSolaris by manipulating the `dofh_loadsz` field in the DTrace DOF header, causing a kernel crash. It uses a multithreaded approach to continuously modify the header while issuing `DTRACEHIOC_ADD` ioctl calls.

Description

Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mu-b · cdossolaris

https://www.exploit-db.com/exploits/8597

View Code ZIP pw:eip

This exploit targets a local kernel DoS vulnerability in Solaris >= 10 and OpenSolaris by manipulating the `dofh_loadsz` field in the DTrace DOF header, causing a kernel crash. It uses a multithreaded approach to continuously modify the header while issuing `DTRACEHIOC_ADD` ioctl calls.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Solaris >= 10, OpenSolaris <= snv_113

No auth needed

Prerequisites: Local access to the target system · Ability to open /dev/dtrace/helper

MITRE ATT&CK