Lucene search

K
cveMitreCVE-2006-3824
HistoryJul 25, 2006 - 1:22 p.m.

CVE-2006-3824

2006-07-2513:22:00
mitre
web.nvd.nist.gov
27
cve-2006-3824
sun solaris
systeminfo.c
integer overflow
signedness error
kernel memory
nvd

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6

Confidence

High

EPSS

0

Percentile

0.4%

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

Affected configurations

Nvd
Node
sunsolarisMatch10.0sparc
OR
sunsolarisMatch10.0x86
VendorProductVersionCPE
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

AI Score

6

Confidence

High

EPSS

0

Percentile

0.4%