Plan 9 Local Integer Overflow Vulnerability
BID:22749
Info
Plan 9 Local Integer Overflow Vulnerability
| Bugtraq ID: | 22749 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-1189 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 28 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Don "north" Bailey discovered this issue. |
| Vulnerable: |
Bell Labs Plan 9 Fourth Edition |
| Not Vulnerable: | |
Discussion
Plan 9 Local Integer Overflow Vulnerability
Plan 9 is prone to a local integer-overflow vulnerability because the operating system fails to check boundaries on input to operations that move sensitive memory at the kernel level.
Successfully exploiting this issue allows local attackers to corrupt the kernel memory of the Plan 9 operating system. This may potentially facilitate the execution of attacker-supplied machine code at the kernel level. Failed exploit attempts will likely crash the kernel.
Plan 9 is prone to a local integer-overflow vulnerability because the operating system fails to check boundaries on input to operations that move sensitive memory at the kernel level.
Successfully exploiting this issue allows local attackers to corrupt the kernel memory of the Plan 9 operating system. This may potentially facilitate the execution of attacker-supplied machine code at the kernel level. Failed exploit attempts will likely crash the kernel.
Exploit / POC
Plan 9 Local Integer Overflow Vulnerability
Sample exploit code has been provided:
Sample exploit code has been provided:
Solution / Fix
Plan 9 Local Integer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].