4 matches found
patchadd.pl
Here is an exploit to an old bug for patchadd in Solaris. It exploits a symlink vulnerability to clobber files with output from patchadd. This was written and tested on Solaris 2.8 Sparc with the current patch cluster applied. -- Larry http://vapid.dhs.org:8080 !/usr/local/bin/perl Exploit for...
Solaris patchadd(1) (3) symlink vulnerabilty
Greetings Bugtraq, I was playing around with patchadd and the bug was found when I issued a "truss -f -o patch.log patchadd patch" where patch was a tarball and then patchadd omitted an error because of it being a tarball, so then when I went through the debug output, i found out that there was a...
Дырка в patchadd под Solaris
Уязвимость символьных линков + некорректные разрешения на временные файлы...
Solaris 2.5.12.67.08 - patchadd Race Condition
Solaris 2.5.12.67.08 - patchadd Race Condition source: https://www.securityfocus.com/bid/2127/info patchadd is the patch management tool included with the Solaris Operating Environment, distributed by Sun Microsystems. A problem exists which could allow a user to corrupt or append system files. T...