National Cyber-Alert System

Vulnerability Summary for CVE-2008-3875

Overview

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: BID

Name: 30880

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/30880

External Source: XF

Name: solaris-kernel-security-bypass(44753)

Hyperlink:http://xforce.iss.net/xforce/xfdb/44753

External Source: SECTRACK

Name: 1020780

Hyperlink:http://www.securitytracker.com/id?1020780

External Source: VUPEN

Name: ADV-2008-2460

Hyperlink:http://www.frsirt.com/english/advisories/2008/2460

External Source: SUNALERT

Name: 240706

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-240706-1

External Source: SECUNIA

Name: 31667

Hyperlink:http://secunia.com/advisories/31667

External Source: OVAL

Name: oval:org.mitre.oval:def:5453

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5453