BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Another Solaris 10 Patch Cluster Symlink Attack
Aug 09 2012 04:59PM
larry Cashdollar (larry0 me com)
Larry W. Cashdollar
8/6/2012
Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf.
In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade
lines :
72 ...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
8/6/2012
Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf.
In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade
lines :
72 ...
[ more ]