| CVE ID | |
| CVSS SCORE | 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Joyent |
| AFFECTED PRODUCTS |
SmartOS |
| VULNERABILITY DETAILS |
The specific flaw exists within the dtrace implementation in SmartOS. A method within this implementation allows for an arbitrary write to occur from an out of bounds indexing issue which results in code execution. This allows an attacker to elevate privileges to escape a zone and achieve privileged execution on the headnode. |
| ADDITIONAL DETAILS |
Joyent has issued an update to correct this vulnerability. More details can be found at:
https://help.joyent.com/entries/99083238--UPDATED-Security-Advisory-Docker-DTrace-and-MAC-Protection-Vulnerabilities |
| DISCLOSURE TIMELINE |
|
| CREDIT | Ben Murphy |
