Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
BID:25905
Info
Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
| Bugtraq ID: | 25905 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5225 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 03 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | An anonymous researcher working with the iDefense Labs is credited with the discovery of this issue. |
| Vulnerable: |
Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1 |
| Not Vulnerable: | |
Discussion
Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
Sun Solaris is prone to a local information-disclosure vulnerability because it fails to adequately sanitize users-supplied input used for reading potentially sensitive memory data.
Information gained will help attackers launch further attacks against the affected computer.
Sun Solaris is prone to a local information-disclosure vulnerability because it fails to adequately sanitize users-supplied input used for reading potentially sensitive memory data.
Information gained will help attackers launch further attacks against the affected computer.
Exploit / POC
Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
The following exploits are available:
The following exploits are available:
Solution / Fix
Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9_x86
Sun Solaris 10_x86
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 9_x86
Sun Solaris 10_x86
References
Sun Solaris I_PEEK IOCTL Handler Local Information Disclosure Vulnerability
References:
References:
- Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability (iDefense Labs)
- Sun Solaris Homepage (Sun Microsystems)
- Sun Microsystems Solaris FIFO FS Information Disclosure Vulnerability (iDefense Labs)
- 103061 Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow Unautho (Sun)
- ASA-2007-463 - Security Vulnerability in Solaris Named Pipes (pipe(2)) May Allow (Avaya)