Solaris PC NetLink slsmgr Symlink Arbitrary File Overwrite

2005-12-23T06:32:40
ID OSVDB:22045
Type osvdb
Reporter Sun Microsystems, Inc.()
Modified 2005-12-23T06:32:40

Description

Vulnerability Description

PC Netlink for Solaris SPARC 7, 8 and 9 contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the '/opt/lanman/sbin/slsmgr' script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability. Users of Solaris 7, 8 and 9 on SPARC platforms should apply patch 121209-01 or later.

Solaris 10 and Solaris on x86 platforms are not affected.

Short Description

PC Netlink for Solaris SPARC 7, 8 and 9 contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the '/opt/lanman/sbin/slsmgr' script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

References:

Vendor URL: http://www.sun.com/products/interoperability/netlink/ Vendor Specific Advisory URL Security Tracker: 1015408 Secunia Advisory ID:18230 Related OSVDB ID: 22044 Other Advisory URL: http://www.securiteam.com/unixfocus/6D00N2AEUA.html Keyword: BugIDs: 6215629 FrSIRT Advisory: ADV-2005-3083 CVE-2005-4552 Bugtraq ID: 16059