NFS on SunOS 4.1 up to and including 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun sunos 4.1.1 |
||
sun sunos 4.1.2 |
||
sun sunos 4.1 |