Solaris catman Arbitrary File Overwrite

1999-02-10T00:00:00
ID OSVDB:5892
Type osvdb
Reporter OSVDB
Modified 1999-02-10T00:00:00

Description

Vulnerability Description

The catman utility contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the program creating insecure temporary files with predictable names, allowing for symlink attacks. This flaw may lead to a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.
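The flaw class described above (a privileged program opening a predictable temporary file name without an exclusive create) can be shown next to its hardened form. This is an added example, not code from catman or from Sun's patch; the scratch directory and the names "target" and "work_1234" are hypothetical, since the record does not give catman's real file names.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, no O_EXCL. A symlink planted at `path` is followed
   and whatever it points to is truncated with the caller's privileges. */
static int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if the name already exists (a symlink counts, even
   a dangling one); O_NOFOLLOW refuses a symlink as the final component. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1L;
}

/* Constructed scenario in a private scratch directory; "target" stands in for
   a file the privileged program may write, "work_1234" for a predictable temp
   name. Bitmask: 1 = hardened open refused the symlink and target kept its
   10 bytes, 2 = weak open emptied target, 4 = mkstemp() made a fresh file. */
int run_demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], lnk[64], rnd[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/work_1234", dir);
    snprintf(rnd, sizeof rnd, "%s/work.XXXXXX", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important\n", 10) != 10 || close(fd) != 0) return -1;
    if (symlink(target, lnk) != 0) return -1;
    fd = open_tmp_safe(lnk);
    if (fd < 0 && size_of(target) == 10) result |= 1;
    if (fd >= 0) close(fd);
    fd = open_tmp_weak(lnk);
    if (fd >= 0) { close(fd); if (size_of(target) == 0) result |= 2; }
    fd = mkstemp(rnd);  /* preferred: unpredictable name, created exclusively */
    if (fd >= 0) { close(fd); unlink(rnd); result |= 4; }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("result=%d\n", run_demo()); return 0; }
```

When auditing similar utilities, look for `open()` or `fopen()` calls on paths under a world-writable directory that lack `O_EXCL`, and prefer `mkstemp()` or a private working directory.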

References:

Vendor Specific Advisory URL
Related OSVDB ID: 6024
Keyword: Bulletin Number: #00184
Keyword: Sun Bug ID 4154565
ISS X-Force ID: 1733
CVE-1999-0370
CIAC Advisory: j-028
Bugtraq ID: 165