3 matches found
file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.
Hi list, Two small problems I noticed with Oracle Solaris Update Manager and the latest patch cluster on Solaris 10 x86. += Local Root If the system administrator is updating the system using update manager or smpatch multi user mode a race condition exists with the postinstall script for SUNWbin...
Symlink attack with Solaris Update manager and Sun Patch Cluster
Symlink attack with Solaris Update manager and Sun Patch Cluster Larry W. Cashdollar Vapid Labs http://vapid.dhs.org 1/24/2010 With the GUI Sun Update Manager being used to install patches on a system local users can easily run scripts and create symlinks in an attempt to clobber files and...
Solaris Update Manager / Sun Patch Cluster Symlink Attack
Symlink attack with Solaris Update manager and Sun Patch Cluster Larry W. Cashdollar Vapid Labs http://vapid.dhs.org 1/24/2010 With the GUI Sun Update Manager being used to install patches on a system local users can easily run scripts and create symlinks in an attempt to clobber files and...