CVE-2018-1166 - OpenCVE

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joyent	Smartos

Configuration 1 [-]

cpe:2.3:o:joyent:smartos:20170803:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://help.joyent.com/hc/en-us/articles/360000124928
https://zerodayinitiative.com/advisories/ZDI-18-159

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2018-02-21T14:00:00

Updated: 2024-08-05T03:51:48.929Z

Reserved: 2017-12-05T00:00:00

Link: CVE-2018-1166

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-21T14:29:00.517

Modified: 2019-10-09T23:38:12.693

Link: CVE-2018-1166

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Joyent SmartOS", "vendor": "Joyent", "versions": [{"status": "affected", "version": "release-20170803-20170803T064301Z"}]}], "datePublic": "2018-01-26T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416-Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-02-21T13:57:01", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://help.joyent.com/hc/en-us/articles/360000124928"}, {"tags": ["x_refsource_MISC"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-159"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2018-1166", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Joyent SmartOS", "version": {"version_data": [{"version_value": "release-20170803-20170803T064301Z"}]}}]}, "vendor_name": "Joyent"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416-Use After Free"}]}]}, "references": {"reference_data": [{"name": "https://help.joyent.com/hc/en-us/articles/360000124928", "refsource": "CONFIRM", "url": "https://help.joyent.com/hc/en-us/articles/360000124928"}, {"name": "https://zerodayinitiative.com/advisories/ZDI-18-159", "refsource": "MISC", "url": "https://zerodayinitiative.com/advisories/ZDI-18-159"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.929Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.joyent.com/hc/en-us/articles/360000124928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-159"}]}]}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2018-1166", "datePublished": "2018-02-21T14:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-08-05T03:51:48.929Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:joyent:smartos:20170803:*:*:*:*:*:*:*", "matchCriteriaId": "0FF8A728-9DAE-4F31-9018-B0D9EAEDBB5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4984."}, {"lang": "es", "value": "Esta vulnerabilidad permite que los atacantes locales escalen privilegios en instalaciones vulnerables de Joyent SmartOS release-20170803-20170803T064301Z. En primer lugar, un atacante debe obtener la capacidad de ejecutar c\u00f3digo de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. Este error en concreto existe en la llamada IOCTL SMBIOC_TREE_RELE. El problema deriva de la falta de validaci\u00f3n de la existencia de un objeto previa a la realizaci\u00f3n de operaciones sobre el objeto. Un atacante podr\u00eda aprovecharse de esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del host del sistema operativo. Anteriormente era ZDI-CAN-4984."}], "id": "CVE-2018-1166", "lastModified": "2019-10-09T23:38:12.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-21T14:29:00.517", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://help.joyent.com/hc/en-us/articles/360000124928"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-159"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}