Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-2686
CVE-2004-2686
Description
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
Affected products
8cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- securitytracker.com/idnvdPatch
- www.securityfocus.com/bid/9962nvdExploitPatch
- seclists.org/bugtraq/2004/Apr/0081.htmlnvd
- www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.htmlnvd
- www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdfnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381nvd
News mentions
0No linked articles in our index yet.