PC NetLink 'slsadmin' Unsafe Temporary Files Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1015409 |
|
SecurityTracker URL: http://securitytracker.com/id/1015409
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 24 2005
|
Impact:
Execution of arbitrary code via local system, Modification of system information, Modification of user information, Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.0
|
Description:
A vulnerability was reported in PC NetLink in the 'slsadmin' command. A local user may be able to gain elevated privileges on the target system.
The '/etc/init.d/slsadmin' command in PC NetLink 2.0 opens files in the '/tmp' directory in an unsafe manner. A local user can cause arbitrary information to be written to the filesystem with the permissions of the user running 'slsadmin'. As a result, the local user can cause arbitrary code to be executed.
|
Impact:
A local user can write files to execute arbitrary code on the target system. The code will run with the privileges of the target user running 'slsadmin'.
|
Solution:
Sun has issued the following fix:
SPARC Platform
* PC NetLink 2.0 (for Solaris 7, 8 and 9) with patch 121332-01 or later
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102117-1 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 24 Dec 2005 03:46:41 -0500
Subject: Security Vulnerability in PC Netlink 2.0 "slsadmin" May Allow Files to be Opened Insecurely
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102117-1
|
|
