Vendor: SunOS
By: SecurityFocus
CVSS: 7.2 HIGH
Memory Dump
CWE: 200
Product Name: SunOS
Affected Version From: SunOS 4.1.X
Affected Version To: SunOS 4.1.X
Patch Exists: YES
Related CWE: N/A
CPE: o:sun:sunos:4.1.x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: SunOS
1998

SunOS 4.1.X arp(8c) Memory Dump Vulnerability

The version of arp(8c) shipped with SunOS 4.1.X could be used to dump system memory through its -f flag. This flag causes the named file to be read and multiple entries to be set in the ARP tables. Because of poor permissions on /dev/kmem, a user can specify /dev/kmem as the file to be read and so obtain a dump of currently paged system memory. This could lead to a root compromise.

Mitigation:

Ensure that the permissions on /dev/kmem are set to prevent unauthorized access.
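
One way to check this mitigation on a host, as an added example that is not part of the original advisory: a POSIX shell audit that flags a kernel-memory device node readable or writable by "other". The function names and verdict words are assumptions of this example, and the sample modes are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a kernel-memory device node.

# kmem_mode_verdict MODE
# MODE is the mode column printed by `ls -l`, e.g. "crw-r-----".
# Prints one word: not-a-device, world-accessible, or restricted.
kmem_mode_verdict() {
    case $1 in
        [cb]?????????*) ;;                  # character or block device
        *) echo "not-a-device"; return 0 ;;
    esac
    # Characters 8-10 are the read/write/execute bits for "other".
    other=$(printf '%s' "$1" | cut -c8-10)
    case $other in
        r??|?w?) echo "world-accessible" ;; # any local user can open it
        *)       echo "restricted" ;;
    esac
}

# audit_node PATH
# Reports mode, owner and group of PATH; returns 1 if it needs attention.
audit_node() {
    node=$1
    if [ ! -e "$node" ]; then
        echo "$node: absent"
        return 0
    fi
    # ls -ld columns: mode, link count, owner, group, ...
    set -- $(ls -ld "$node")
    verdict=$(kmem_mode_verdict "$1")
    echo "$node: mode=$1 owner=$3 group=$4 verdict=$verdict"
    [ "$verdict" = "restricted" ]
}

# Constructed sample modes, then the real node on this host.
for sample in crw-r--r-- crw-r----- crw-rw-rw-; do
    echo "sample $sample -> $(kmem_mode_verdict "$sample")"
done
audit_node "${1:-/dev/kmem}" || echo "tighten permissions on ${1:-/dev/kmem}"
```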

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/291/info


$ arp -f /dev/kmem | strings > mem