| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Sun Solaris and classified as problematic. This affects an unknown function of the component IOCTL Handler. Executing a manipulation can lead to denial of service. This vulnerability appears as CVE-2009-1478. In addition, an exploit is available. It is suggested to upgrade the affected component.
Details
A vulnerability was found in Sun Solaris (Operating System). It has been declared as problematic. This vulnerability affects an unknown code of the component IOCTL Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. CVE summarizes:
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.
The bug was discovered 04/27/2009. The weakness was presented 04/27/2009 (Website). The advisory is shared for download at sunsolve.sun.com. This vulnerability was named CVE-2009-1478 since 04/29/2009. The exploitation appears to be easy. The attack needs to be approached locally. No form of authentication is required for a successful exploitation. Technical details are unknown but a public exploit is available.
A public exploit has been developed in ANSI C. It is possible to download the exploit at securityfocus.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 39309 (Solaris 10 (sparc) : 141765-01), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Solaris Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116454 (Solaris DTrace Handlers Denial of Service Vulnerability (1020403.1)).
Upgrading to version Snv 85 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (50220), Exploit-DB (8597), Tenable (39309), SecurityFocus (BID 34753†) and OSVDB (54138†). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
- 1
- 1.0
- 1.0.1
- 1.1
- 1.1.1a
- 1.1.2
- 1.1.3
- 1.1.4
- 1.1c
- 1.2
- 1.4.1
- 2
- 2.0
- 2.1
- 2.2
- 2.3
- 2.4
- 2.5
- 2.5.1
- 2.6
- 2.6_x86
- 2.7
- 2.8
- 4.1.1
- 4.1.2
- 4.1.3
- 5.0
- 5.0.9
- 5.3
- 5.4
- 5.5
- 5.5.1
- 5.6
- 5.8
- 5.10
- 5.11
- 7
- 7.0
- 7.0_x86
- 8
- 8.0
- 8.1
- 8.2
- 8.12.5
- 9
- 9.0
- 9.1
- 10
- 10.0
- 11.0
- 500
- 2009.06
- <=1.2
- <=1.4.0
- <=1.4.2
- <=1.4.3
- <=1.4.4
- <=5.5
- <=8
- <=8.0
- <=9
- <=9.0
- <=10
- Snv 47
- Snv 48
- Snv 49
- Snv 50
- Snv 51
- Snv 52
- Snv 53
- Snv 54
- Snv 55
- Snv 56
- Snv 57
- Snv 58
- Snv 59
- Snv 60
- Snv 61
- Snv 62
- Snv 63
- Snv 64
- Snv 65
- Snv 66
- Snv 67
- Snv 68
- Snv 69
- Snv 70
- Snv 71
- Snv 72
- Snv 73
- Snv 74
- Snv 75
- Snv 76
- Snv 77
- Snv 78
- Snv 79
- Snv 80
- Snv 81
- Snv 82
License
Support
- end of life (old version)
Website
- Vendor: https://www.oracle.com/sun/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 5.6
VulDB Base Score: 6.2
VulDB Temp Score: 5.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 39309
Nessus Name: Solaris 10 (sparc) : 141765-01
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 855647
OpenVAS Name: Solaris Update for fasttrap 141765-01
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Solaris Snv 85
Timeline
04/27/2009 🔍04/27/2009 🔍
04/27/2009 🔍
04/27/2009 🔍
04/28/2009 🔍
04/29/2009 🔍
04/29/2009 🔍
04/29/2009 🔍
04/29/2009 🔍
04/29/2009 🔍
04/30/2009 🔍
06/04/2009 🔍
03/17/2015 🔍
09/21/2025 🔍
Sources
Vendor: oracle.comAdvisory: sunsolve.sun.com⛔
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2009-1478 (🔍)
GCVE (CVE): GCVE-0-2009-1478
GCVE (VulDB): GCVE-100-47968
X-Force: 50220
SecurityFocus: 34753 - Sun Solaris DTrace Handler IOCTL Request Multiple Local Denial of Service Vulnerabilities
Secunia: 34836
OSVDB: 54138 - Solaris DTrace IOCTL Handlers Local DoS
SecurityTracker: 1022143
Vulnerability Center: 21803 - Sun Solaris 10 and OpenSolaris before snv_114 DTrace ioctl Handlers Local DoS Vulnerability, Medium
Vupen: ADV-2009-1199
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/17/2015 23:38Updated: 09/21/2025 09:33
Changes: 03/17/2015 23:38 (87), 09/02/2019 11:14 (1), 04/13/2025 22:41 (19), 09/21/2025 09:33 (1)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.