Data: CASIE
Trigger word:
lie in
Negative Trigger
it
to
gain
full
root
control
over
a
machine
.
The
privilege
escalation
vulnerability
--
now patched
Vulnerability-related.PatchVulnerability
--
is present in
Vulnerability-related.DiscoverVulnerability
current
versions
of
Oracle
Solaris
10
and
11
running
Sun
StorageTek
Availability
Suite
(
AVS
)
for
the
filesystem
and
could
be
used
to
access
to
a
low-level
user
or
service
account
and
,
from
there
,
gain
complete
root
access
to
the
system
.
The
memory
corruption
bug
has been uncovered and detailed
Vulnerability-related.DiscoverVulnerability
by
researchers
at
Trustwave
--
and
its
origins
go
all
the
way
back
to
2007
.
The
original
issue
was disclosed
Vulnerability-related.DiscoverVulnerability
in
2009
and
apparently fixed
Vulnerability-related.PatchVulnerability
,
but
researchers
revisited
Vulnerability-related.DiscoverVulnerability
the
code
this
year
only
to
find
Vulnerability-related.DiscoverVulnerability
the
fix
was
partial
and
loopholes
still
allowed
the
execution
of
malicious
code
.
The
origins
of
the
exploit
,
CVE-2018-2892
,
lie in
Vulnerability-related.DiscoverVulnerability
one
small
fragment
of
code
which
contains
a
number
of
separate
vulnerabilities
around
the
dereferencing
pointer
,
the
means
of
getting
values
stored
in
a
specific
memory
location
.
``
Attackers
can
exploit
Vulnerability-related.DiscoverVulnerability
this
vulnerability
to
take
access
to
a
low-level
user
or
service
account
and
gain
complete
root
access
to
the
entire
system
,
''
Neil
Kettle
,
application
security
principal
consultant
at
SpiderLabs
at
Trustwave
,
told
Vulnerability-related.DiscoverVulnerability
ZDNet
.
An
attacker
exploiting
this
vulnerability
would
need
direct
access
to
a
user
or
service
account
.
``
This
can
be
obtained
by
targeting
users
with
social
engineering
attacks
or
by
exploiting
vulnerabilities
in
existing
services
.
Once
the
attacker
has
access
to
any
account
,
this
vulnerability
can
be
very
easily
exploited
Vulnerability-related.DiscoverVulnerability
to
gain
complete
root
control
over
the
system
,
''
said
Vulnerability-related.DiscoverVulnerability
Kettle
.
While
the
original
2007
vulnerability
has
probably
been
used
in
the
wild
,
there
's
no
confirmation
that
the
new
exploit
has
been
used
to
conduct
an
attack
.
Nonetheless
,
Trustwave
disclosed the discovery
Vulnerability-related.DiscoverVulnerability
to
Oracle
,
which
has delivered
Vulnerability-related.PatchVulnerability
a
patch
to
fix
Vulnerability-related.PatchVulnerability
the
loophole
.