Advisory Details

This vulnerability allows local attackers to disclose information on vulnerable installations of Joyent SmartOS. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the dtrace implementation in SmartOS. A function within this implementation allows for arbitrary reads from kernel space. This allows an attacker to read arbitrary memory from the headnode where the zone resides.

• 2016-01-26 - Vulnerability reported to vendor
• 2016-08-10 - Coordinated public release of advisory