Solaris pkgadd File Permission Weakness Local Privilege Escalation

2006-08-25T04:34:16
ID OSVDB:28203
Type osvdb
Reporter OSVDB
Modified 2006-08-25T04:34:16

Description

Vulnerability Description

Sun Solaris contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in pkgadd, which may set insecure file permissions (755 or 777) on files and directories when installing a package with a pkgmap file containing a '?' character in the 'mode' field. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.
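
A defender-side check for the condition described above, as an added example that is not part of the original advisory: it scans a pkgmap for entries whose mode field is '?' and reports the on-disk mode of each such path so it can be compared with the intended permissions. The field layout is assumed from pkgmap(4); the function names and the sample pkgmap are constructed for illustration.

```python
import os
import stat
# Assumed layout: [part] ftype class path [major minor] mode owner group [size cksum modtime]
MODE_FTYPES = set("bcdefpvx")  # entry types that carry mode/owner/group
DEVICE_FTYPES = set("bc")      # device entries put major/minor before mode

def parse_entry(line):
    """Return (ftype, path, mode) for entries that carry a mode, else None."""
    fields = line.split()
    if not fields or fields[0][0] in "#:":
        return None                      # comment or ': parts max_size' header
    if fields[0].isdigit():
        fields = fields[1:]              # leading part number
    if not fields or fields[0] not in MODE_FTYPES:
        return None                      # i, l and s entries have no mode field
    mode_idx = 5 if fields[0] in DEVICE_FTYPES else 3
    if len(fields) <= mode_idx:
        return None                      # truncated line
    return fields[0], fields[2], fields[mode_idx]

def unset_mode_entries(pkgmap_text):
    """List (line_no, ftype, path) for every entry whose mode is '?'."""
    hits = []
    for no, line in enumerate(pkgmap_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and entry[2] == "?":
            hits.append((no, entry[0], entry[1]))
    return hits

def installed_modes(hits, basedir):
    """Map each flagged path found under basedir to its on-disk octal mode."""
    found = {}
    for _, _, path in hits:
        full = os.path.join(basedir, path.lstrip("/"))
        if os.path.lexists(full):
            found[path] = oct(stat.S_IMODE(os.lstat(full).st_mode))
    return found

# Constructed sample pkgmap (not taken from a real package).
SAMPLE = """\
: 1 120
1 d none opt/EXAMPLEpkg 0755 root bin
1 d none opt/EXAMPLEpkg/etc ? root sys
1 f none opt/EXAMPLEpkg/etc/app.conf ? ? ?
1 f none opt/EXAMPLEpkg/bin/tool 0555 root bin 2048 51234 1150000000
1 s none opt/EXAMPLEpkg/bin/t=tool
1 c none dev/example 11 0 ? root sys
1 i pkginfo 210 17500 1150000000
"""
```

Run `unset_mode_entries` on a package's pkgmap before installation, and `installed_modes` against the install base directory afterwards to see which flagged paths ended up with 755 or 777.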

References:

Vendor URL: http://www.sun.com
Vendor Specific Advisory URL
Secunia Advisory ID: 21633
Keyword: BugIDs: 6380672
FrSIRT Advisory: ADV-2006-3397
CVE-2006-4439