| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in Sun Solaris 10.0. This issue affects the function sysinfo of the component Kernel. Performing a manipulation results in integer coercion.
This vulnerability is identified as CVE-2006-3824. Additionally, an exploit exists.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability was found in Sun Solaris 10.0 (Operating System). It has been classified as critical. This affects the function sysinfo of the component Kernel. The manipulation with an unknown input leads to a integer coercion vulnerability. CWE is classifying the issue as CWE-192. Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. This is going to have an impact on confidentiality. The summary by CVE is:
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
The bug was discovered 07/20/2006. The weakness was released 07/24/2006 with iDEFENSE (Website). It is possible to read the advisory at sunsolve.sun.com. This vulnerability is uniquely identified as CVE-2006-3824 since 07/24/2006. The attack needs to be initiated within the local network. No form of authentication is needed for exploitation. Technical details and a public exploit are known.
A public exploit has been developed in ANSI C and been published even before and not after the advisory. The exploit is shared for download at prdelka.blackart.org.uk. It is declared as functional. The vulnerability was handled as a non-public zero-day exploit for at least 536 days. During that time the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115381 (Sun Solaris SysInfo Local Information Disclosure Vulnerability).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at sunsolve.sun.com. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (27901), Exploit-DB (2067), SecurityFocus (BID 19104†), OSVDB (27438†) and Secunia (SA21148†). Entries connected to this vulnerability are available at VDB-2392, VDB-2389, VDB-2388 and VDB-2390. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.oracle.com/sun/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.5
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Integer coercionCWE: CWE-192 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Access: Public
Status: Functional
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: sunsolve.sun.com
Timeline
01/31/2005 🔍07/20/2006 🔍
07/21/2006 🔍
07/21/2006 🔍
07/21/2006 🔍
07/22/2006 🔍
07/24/2006 🔍
07/24/2006 🔍
07/24/2006 🔍
07/24/2006 🔍
07/25/2006 🔍
07/25/2006 🔍
07/26/2006 🔍
08/07/2006 🔍
06/18/2025 🔍
Sources
Vendor: oracle.comAdvisory: sunsolve.sun.com⛔
Researcher: http://www.idefense.com
Organization: iDEFENSE
Status: Confirmed
CVE: CVE-2006-3824 (🔍)
GCVE (CVE): GCVE-0-2006-3824
GCVE (VulDB): GCVE-100-2391
X-Force: 27901 - Sun Solaris systeminfo.c integer overflow, Medium Risk
SecurityFocus: 19104 - Sun Solaris SysInfo Local Information Disclosure Vulnerability
Secunia: 21148 - Sun Solaris sysinfo() Kernel Memory Disclosure, Less Critical
OSVDB: 27438 - Solaris sysinfo() Overflow Kernel Memory Disclosure
SecurityTracker: 1016555
Vulnerability Center: 12487 - Sun Solaris Kernel Memory Read via Sysinfo System Call, Low
Vupen: ADV-2006-2936
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 07/26/2006 10:29Updated: 06/18/2025 20:17
Changes: 07/26/2006 10:29 (95), 06/24/2019 09:42 (2), 06/18/2025 20:17 (18)
Complete: 🔍
Cache ID: 216:F06:103
No comments yet. Languages: en.
Please log in to comment.