CVE-2008-2710 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2008-2710?

CVE-2008-2710 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-2710?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Opensolaris, Sun Solaris, Sun Sunos.

Vulnerability Description

Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sun	Opensolaris	10
Sun	Solaris	<= 10
Sun	Sunos	<= -

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2008-2710?

CVE-2008-2710 is a vulnerability with a CVSS score of 7.2 (HIGH). Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users t...

How severe is CVE-2008-2710?

CVE-2008-2710 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-2710?

Check the references section above for vendor advisories and patch information. Affected products include: Sun Opensolaris, Sun Solaris, Sun Sunos.