EUVD-2013-1531

Malware in sbrugna...

CVE-2013-1495

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...

CVE-2013-1495

CVE-2013-1495 affects Oracle Auto Service Request in Oracle Support Tools prior to 4.3.2. It allows a local user to modify arbitrary files via a symlink attack on a predictable /tmp filename. No exploitation details are provided beyond this; remediation is to upgrade to 4.3.2 or later.

Oracle Auto Service Request File Clobber

Oracle Auto Service Request /tmp file clobbering vulnerability http://www.oracle.com/us/support/systems/premier/auto-service-request-155415.html http://docs.oracle.com/cd/E1847601/doc.220/e18478/asr.htm I noticed it creates files insecurely in /tmp using time stamps instead of mkstemp. You can...

Oracle Automated Service Manager 1.3 & Auto Service Request 4.3 local root during install

Oracle Automated Service Manager 1.3 local root during install Larry W. Cashdollar 1/29/2013 @larry0 SUNWsasm-1.3.1-20110815093723 https://updates.oracle.com/Orion/Services/download?type=readme&aru=15864534 From the README: "Oracle Automated Service Manager 1.3.1 Oracle Automated Service Manager ...

Oracle Auto Service Request File Clobber

Oracle Auto Service Request software package creates files insecurely in /tmp using time stamps instead of mkstemp. You can clobber root owned files if you know when around the time the root administrator will be using this utility. larry@oracle-os-lab01 tmp$ for x in seq 500 999; do ln -s...