CVE-2016-9031 - Vulnerability Details - OpenCVE

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joyent	Smartos

Configuration 1 [-]

cpe:2.3:o:joyent:smartos:20161110t013148z:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/94921
http://www.talosintelligence.com/reports/TALOS-2016-0249/

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2016-12-14T17:00:00

Updated: 2024-08-06T02:35:02.561Z

Reserved: 2016-10-26T00:00:00

Link: CVE-2016-9031

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-12-14T17:59:02.080

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-9031

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SmartOS", "vendor": "Joyent", "versions": [{"status": "affected", "version": "OS 20161110T013148Z"}]}], "datePublic": "2016-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "integer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T19:17:10", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"name": "94921", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94921"}, {"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0249/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2016-9031", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SmartOS", "version": {"version_data": [{"version_value": "OS 20161110T013148Z"}]}}]}, "vendor_name": "Joyent"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "integer overflow"}]}]}, "references": {"reference_data": [{"name": "94921", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94921"}, {"name": "http://www.talosintelligence.com/reports/TALOS-2016-0249/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0249/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:35:02.561Z"}, "title": "CVE Program Container", "references": [{"name": "94921", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94921"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0249/"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-9031", "datePublished": "2016-12-14T17:00:00", "dateReserved": "2016-10-26T00:00:00", "dateUpdated": "2024-08-06T02:35:02.561Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:joyent:smartos:20161110t013148z:*:*:*:*:*:*:*", "matchCriteriaId": "F6541483-AB66-4279-9C32-12B8E9ED4A10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733."}, {"lang": "es", "value": "Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlof. La vulnerabilidad est\u00e1 presente en el sistema de llamada loctl con el comando HYPRLOFS_ADD_ENTRIES cuando trabaja con sistemas de archivo 32-bit. Un atacante puede manipular una entrada que puede causar p\u00e1nico de kernel y potencialmente ser aprovechada para una vulnerabilidad de escalada de privilegios completa. Esta vulnerabilidad es distinta de CVE-2016-8733."}], "id": "CVE-2016-9031", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-14T17:59:02.080", "references": [{"source": "talos-cna@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94921"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0249/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94921"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0249/"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}