Solaris sdtcm_convert File Creation ...

Published: 1999-08-09
Revised: 2018-10-17

There is a vulnerability in sdtcm_convert, a calendar data conversion utility and one of the programs associated with the version of CDE bundled with Solaris 2.6. sdtcm_convert will create files (if absent) in /usr/spool/calendar/ called .lock.convert.<hostname> and .lock.<hostname> as root, with mode 0660 (owned by root, group-owned by the invoking user's group, and group-writable). If these files do not already exist, it is possible to create a symlink at one of those names pointing to any file in the filesystem; that file will then be created and be writable by the attacker. The consequence is a possible local root compromise. The vulnerability cannot be used to overwrite already existing files.
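The behaviour described above depends on how the lock file is opened. The following C program is an added example, not code from Solaris or from the original advisory: it assumes the utility uses a plain `O_CREAT` open and contrasts that with an exclusive create, using a private temp directory. The function names and the `examplehost` lock name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Assumed vulnerable pattern: O_CREAT without O_EXCL follows a symlink in the
 * final path component and creates whatever file it points to. */
int create_lock_naive(const char *path, mode_t mode)
{
    return open(path, O_WRONLY | O_CREAT, mode);
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if the name exists at
 * all, including as a dangling symlink; O_NOFOLLOW is defence in depth. */
int create_lock_safely(const char *path, mode_t mode)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
}

/* Plants a dangling symlink at a constructed lock name ("examplehost" stands
 * in for <hostname>) inside a private temp directory, then calls `creator`.
 * Returns 1 if the link target was created, 0 if not, -1 on setup error. */
int symlink_followed(int (*creator)(const char *, mode_t))
{
    char dir[] = "/tmp/lockdemoXXXXXX";
    char lock[128], target[128];
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(lock, sizeof lock, "%s/.lock.examplehost", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    int planted = symlink(target, lock);      /* pre-existing dangling link */
    int fd = (planted == 0) ? creator(lock, 0660) : -1;
    if (fd >= 0)
        close(fd);
    int followed = (planted != 0) ? -1 : (access(target, F_OK) == 0);
    unlink(target);
    unlink(lock);
    rmdir(dir);
    return followed;
}

int main(void)
{
    printf("link target created: naive=%d hardened=%d\n",
           symlink_followed(create_lock_naive),
           symlink_followed(create_lock_safely));
    return 0;
}
```

With the exclusive create, the open fails when anything already occupies the lock name, so a privileged program can refuse to continue instead of creating a file elsewhere.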

No exploit or PoC currently available
Product and version information (CPE) not currently available