Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Solaris, memory corruption via sdhost |
| May 2009 by Vigil@nce |
| SYNTHESIS OF THE VULNERABILITY An attacker can use a SD memory card in order to corrupt the memory of the Solaris kernel. Severity: 2/4 Consequences: administrator access/rights, denial of service of service Provenance: user console Means of attack: no proof of concept, no attack Ability of attacker: expert (4/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: low (1/3) Creation date: 22/05/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY A SD memory card is for example used in a camera. Some x86 computers have a SD slot to connect these cards. The sdhost driver of Solaris (usr/src/uts/common/io/sdcard/adapters/sdhost/sdhost.c) implements the support of these memory cards. The Ricoh R5C822 adapter requires non standard DMA (Direct Memory Access) parameters. Parameters used in sdhost.c incorrectly define the memory area. An attacker can then directly access to the kernel memory. A local attacker can thus alter a memory area in order to elevate his privileges. CHARACTERISTICS Identifiers: 259408, 6797937, BID-35069, CVE-2009-1763, VIGILANCE-VUL-8731 http://vigilance.fr/vulnerability/Solaris-memory-corruption-via-sdhost-8731 |
< previous next > |
OpenSolaris
