NVD

Id
62492  
Name
CVE-2006-3824  
Description
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:N/A:N)  
Pub Date
2016-12-20  
Published
2006-07-25  
Modified Date
2011-03-07  
Seq
2006-3824  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
324643 62492 CVE-2006-3824 1016555  View
324644 62492 CVE-2006-3824 20060720 Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability  View
324645 62492 CVE-2006-3824 20060721 Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability  View
324646 62492 CVE-2006-3824 20060724 Re: Re: [Full-disclosure] iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability  View
324647 62492 CVE-2006-3824 19104  View
324648 62492 CVE-2006-3824 ADV-2006-2936  View
324649 62492 CVE-2006-3824 solaris-systeminfo-overflow(27901)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
58243 JVNDB-2006-000439 Sun Solaris の sysinfo() 関数におけるカーネルメモリ情報を取得される脆弱性 Sun Solaris に実装されている /usr/src/uts/common/syscall/systeminfo.c の sysinfo() 関数には、count パラメータに対する妥当性が不適切であるため、count パラメータとして 0 が引き渡された場合、整数オーバーフローが発生する脆弱性が存在します。 CVE-2006-3824 19926 CVE-2006-3824 62492 4.9 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000439.html 2006-07-21 2007-04-01 View