New Search

priocntl Directory Traversal Vulnerability

oval:org.mitre.oval:def:3637

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure which cause priocntl to load a malicious kernel module.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Sun Solaris 8
  • Sun Solaris 9
  • Sun Solaris 7
Class:
vulnerability
Reference(s):
  • CVE-2002-1296
Product(s):
  • priocntl()