Advisory Details

Title: Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
ID: ZDI-18-158, ZDI-CAN-4983
CVE ID: CVE-2018-1165
CVSS Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Affected Vendors: Joyent
Affected Products: SmartOS

Vulnerability Details

Description: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL due to improper validation of the length of user-supplied data.
Impact: An attacker can execute code under the context of the host OS.

Additional Details

Vendor Update: Joyent has issued an update. More details can be found at: https://help.joyent.com/hc/en-us/articles/360000124928

Disclosure Timeline

2017-08-16: Vulnerability reported to vendor
2018-02-12: Coordinated public release of advisory and advisory updated

Credit: Ben Murphy