CVE-2018-1166
HIGHJoyent SmartOS release-20170803-20170803T064301Z - Privilege Escalation via SMBIOC_TREE_RELE ioctl
Title source: llmDescription
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://help.joyent.com/hc/en-us/articles/360000124928
Third Party Advisory, VDB Entry x_refsource_misc
https://zerodayinitiative.com/advisories/ZDI-18-159
Scores
CVSS v3
7.8
EPSS
0.0038
EPSS Percentile
30.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-416
Status
published
Products (1)
joyent/smartos
20170803
Published
Feb 21, 2018
Tracked Since
Feb 18, 2026