CVE-2004-1767
Description
Solaris 2.6-9 allows unprivileged local users to load arbitrary kernel modules, leading to root privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Solaris 2.6-9 allows unprivileged local users to load arbitrary kernel modules, leading to root privilege escalation.
Vulnerability
The kernel in Solaris 2.6, 7, 8, and 9 supports loadable kernel modules (LKMs). A vulnerability exists that allows an unprivileged local user to load arbitrary kernel modules, possibly via the modload function [1]. This bypasses intended access controls.
Exploitation
An attacker with local user access can load a malicious kernel module using the modload command or similar mechanism. No special privileges are required beyond a local shell account [1].
Impact
Successful exploitation allows the attacker to gain root privileges by executing arbitrary code in kernel context [1]. This results in full compromise of the system.
Mitigation
No official patch or workaround is documented in the available reference [1]. The CERT note indicates vendor information but no solution. Users should restrict local access and monitor for unauthorized module loading.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
- (no CPE)range: 2.6, 7, 8, 9
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.securityfocus.com/bid/9477nvdPatch
- www.kb.cert.org/vuls/id/702526nvdThird Party AdvisoryUS Government Resource
- exchange.xforce.ibmcloud.com/vulnerabilities/14917nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4532nvd
News mentions
0No linked articles in our index yet.