EUVD-2001-0059

Malware in sbrugna...

Solaris 9 (x86) : 114194-12

SunOS 5.9x86: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

patchadd.pl

Here is an exploit to an old bug for patchadd in Solaris. It exploits a symlink vulnerability to clobber files with output from patchadd. This was written and tested on Solaris 2.8 Sparc with the current patch cluster applied. -- Larry http://vapid.dhs.org:8080 !/usr/local/bin/perl Exploit for...

CVE-2001-0059

CVE-2001-0059 : Solaris’s patchadd is vulnerable to a local symlink attack that allows a local user to overwrite arbitrary files. This affects the patchadd utility used on Solaris, with a CVSSv2 base score of 6.2 (MEDIUM) and an impact of Confidentiality=Complete, Integrity=Complete, Availability...

Дырка в patchadd под Solaris

Уязвимость символьных линков + некорректные разрешения на временные файлы...

Solaris patchadd(1) (3) symlink vulnerabilty

Greetings Bugtraq, I was playing around with patchadd and the bug was found when I issued a "truss -f -o patch.log patchadd patch" where patch was a tarball and then patchadd omitted an error because of it being a tarball, so then when I went through the debug output, i found out that there was a...

Solaris 2.5.12.67.08 - patchadd Race Condition

Solaris 2.5.12.67.08 - patchadd Race Condition source: https://www.securityfocus.com/bid/2127/info patchadd is the patch management tool included with the Solaris Operating Environment, distributed by Sun Microsystems. A problem exists which could allow a user to corrupt or append system files. T...