2 matches found
Solaris Flar Unsafe Use Of Temporary Files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Below is the full disclosure information for CVE-2010-2382. It was reported to [email protected] on 23 December, 2009 and assigned Sun bug 6912851. This vulnerability was addressed by Sun/Oracle in the July 2010 Critical Patch Update...
CVE-2010-2382
CVE-2010-2382 (Solaris) affects Solaris 8/9/10 where the flar tool used for creating flash archives writes to insecure temporary files in /tmp with predictable names (e.g., .flash_filter_one_.$PID). An unprivileged user can pre-create symlinks to privileged targets, and when root runs flar, it ma...