Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
BID:22364
Info
Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
| Bugtraq ID: | 22364 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-0668 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 01 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Sun Solaris 10_x86 Sun Solaris 10_sparc |
| Not Vulnerable: | |
Discussion
Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
Sun Solaris is prone to a local denial-of-service vulnerability.
Attackers may exploit this issue to remove or rename files from a read-only filesystem either in the global or nonglobal zones. Depending on the files targetted, this may result in denial-of-service conditions.
Solaris 10 is affected by this issue.
Sun Solaris is prone to a local denial-of-service vulnerability.
Attackers may exploit this issue to remove or rename files from a read-only filesystem either in the global or nonglobal zones. Depending on the files targetted, this may result in denial-of-service conditions.
Solaris 10 is affected by this issue.
Exploit / POC
Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
To exploit this issue, an attacker must rename or move a file that is part of the mounted LOFS.
To exploit this issue, an attacker must rename or move a file that is part of the mounted LOFS.
Solution / Fix
Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.
Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.
References
Sun Solaris Loopback FileSystem Local Denial of Service Vulnerability
References:
References:
- Sun Solaris Home Page (Sun Microsystems)
- A Security Vulnerability in the Solaris 10 Loopback FileSystem (LOFS) May Allow (Sun)