Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9040

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

Published

2018-09-07T12:29:00.237

Last Modified

2024-11-21T03:00:29.563

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	joyent	smartos	20161110t013148z	Yes

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258 Exploit, Technical Description, Third Party Advisory ([email protected])
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258 Exploit, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)