CVE-2004-2686 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2004-2686

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2686
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
sun / sunos	5.7	5.7.x
sun / sunos	5.8	5.8.x
sun / solaris	9.0	9.0.x
sun / sunos	5.9	5.9.x
sun / solaris	7.0	7.0.x
sun / solaris	2.6	2.6.x
sun / solaris	8.0	8.0.x