CVE-2020-2944
PUBLISHED
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.
Risk Scores
EPSS Score: 0.59% · 69.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joyent | Joyent SmartOS | release-20170803-20170803T064301Z |
Exploit Intelligence
- http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html (nist-nvd)
- http://www.openwall.com/lists/oss-security/2020/04/15/3 (nist-nvd)
- https://help.joyent.com/hc/en-us/articles/360000124928 (circl)
- https://zerodayinitiative.com/advisories/ZDI-18-158 (circl)
- https://www.oracle.com/security-alerts/cpuapr2020.html (circl)
- Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Exploit (0day-today)
- Common Desktop Environment 1.6 Local Privilege Escalation Exploit (0day-today)
Timeline
- Apr 15, 2020 CVE Published
- Apr 18, 2020 PoC Published
- Apr 21, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score