Solaris Recommended Patch Cluster 6/19 Local root on x86

No description provided by source. ?Solaris Recommended Patch Cluster 6/19 local root on x86? Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86...

Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation

Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a...

Solaris Recommended Patch Cluster 619 (x86) - Local Privilege Escalation

Solaris Recommended Patch Cluster 619 x86 - Local Privilege Escalation Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute...

Solaris Recommended Patch Cluster 6/19 Local root on x86

Exploit for linux/x86 platform in category local exploits If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a case statement checking that the...

Solaris Recommended Patch Cluster 6/19 Local Root

Solaris Recommended Patch Cluster 6/19 local root on x86 Larry W. Cashdollar 7/3/2013 @larry0 If the system administrator is updating the system using update manager or smpatch multi user mode a local user could execute commands as root. This only affects x86 systems as this code resides under a...

Solaris 10 Patch Cluster File Clobber

Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp. File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file...

Solaris 10 Patch Cluster File Clobber

File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file created in /tmp are: /sbin/sh:root@dev-unix-sec02 cat CLEANUP...

Another Solaris 10 Patch Cluster Symlink Attack

Larry W. Cashdollar 8/6/2012 Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf. In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade lines : 72...

Solaris 10 Patch Cluster Symlink Attack

Larry W. Cashdollar 8/6/2012 Here is another symlink attack with temp file creation using process id in Solaris 10 patch cluster. You can over write the contents of root owned files with the contents of inetd.conf. In patches/137097-01/SUNWcsr/reloc/lib/svc/method/inetd-upgrade lines : 72...

file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.

Hi list, Two small problems I noticed with Oracle Solaris Update Manager and the latest patch cluster on Solaris 10 x86. += Local Root If the system administrator is updating the system using update manager or smpatch multi user mode a race condition exists with the postinstall script for SUNWbin...

Symlink attack with Solaris Update manager and Sun Patch Cluster

Symlink attack with Solaris Update manager and Sun Patch Cluster Larry W. Cashdollar Vapid Labs http://vapid.dhs.org 1/24/2010 With the GUI Sun Update Manager being used to install patches on a system local users can easily run scripts and create symlinks in an attempt to clobber files and...

Solaris Update Manager / Sun Patch Cluster Symlink Attack

Symlink attack with Solaris Update manager and Sun Patch Cluster Larry W. Cashdollar Vapid Labs http://vapid.dhs.org 1/24/2010 With the GUI Sun Update Manager being used to install patches on a system local users can easily run scripts and create symlinks in an attempt to clobber files and...

Solaris Update manager and Sun Patch Cluster symlink vulnerability

Exploit for solaris platform in category local exploits ================================================================== Solaris Update manager and Sun Patch Cluster symlink vulnerability ================================================================== Symlink attack with Solaris Update manag...