{"api_version":"1","generated_at":"2026-04-22T22:49:28+00:00","cve":"CVE-2018-1171","urls":{"html":"https://cve.report/CVE-2018-1171","api":"https://cve.report/api/cve/CVE-2018-1171.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1171","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1171"},"summary":{"title":"CVE-2018-1171","description":"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106.","state":"PUBLIC","assigner":"zdi-disclosures@trendmicro.com","published_at":"2018-03-19 18:29:00","updated_at":"2020-08-28 15:18:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104799","name":"104799","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"CPU July 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://help.joyent.com/hc/en-us/articles/360000608188","name":"https://help.joyent.com/hc/en-us/articles/360000608188","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Joyent Ticketing System","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://zerodayinitiative.com/advisories/ZDI-18-236","name":"https://zerodayinitiative.com/advisories/ZDI-18-236","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"ZDI-18-236 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1041303","name":"1041303","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Solaris Multiple Flaws Let Remote and Local Users Gain Elevated Privileges, Access and Modify Data, and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1171","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1171","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"joyent","cpe5":"smartos","cpe6":"20170803-20170803t064301z","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"joyent","cpe5":"smartos","cpe6":"20170803-20170803t064301z","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"11.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1171","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"11.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"zdi-disclosures@trendmicro.com","ID":"CVE-2018-1171","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Joyent SmartOS","version":{"version_data":[{"version_value":"release-20170803-20170803T064301Z"}]}}]},"vendor_name":"Joyent"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787-Out-of-bounds Write"}]}]},"references":{"reference_data":[{"name":"https://help.joyent.com/hc/en-us/articles/360000608188","refsource":"CONFIRM","url":"https://help.joyent.com/hc/en-us/articles/360000608188"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"name":"1041303","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041303"},{"name":"104799","refsource":"BID","url":"http://www.securityfocus.com/bid/104799"},{"name":"https://zerodayinitiative.com/advisories/ZDI-18-236","refsource":"MISC","url":"https://zerodayinitiative.com/advisories/ZDI-18-236"}]}},"nvd":{"publishedDate":"2018-03-19 18:29:00","lastModifiedDate":"2020-08-28 15:18:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:joyent:smartos:20170803-20170803t064301z:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1171","Ordinal":"116447","Title":"CVE-2018-1171","CVE":"CVE-2018-1171","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1171","Ordinal":"1","NoteData":"This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1171","Ordinal":"2","NoteData":"2018-03-19","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1171","Ordinal":"3","NoteData":"2018-07-27","Type":"Other","Title":"Modified"}]}}}