Solaris sdtcm_convert File Creation漏洞

漏洞信息详情

Solaris sdtcm_convert File Creation漏洞

• CNNVD编号：CNNVD-199908-015
• 危害等级： 中危
  
  
• CVE编号：
  CVE-1999-0676
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1999-08-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  sun
• 漏洞来源：
  First posted to Bu…

Solaris 2.6的sdtcm_convert存在漏洞。本地用户可以通过符号链接攻击重写敏感文件。

A quick solution is to remove the setuid bit from sdtcm_convert or remove/disable the program completely.
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Sun Solaris 2.5

• Sun 103671-05
  

Sun Solaris 2.5 _x86

• Sun 103718-06×86
  

Sun Solaris 2.5.1 _x86

• Sun 103717-06×86
  

Sun Solaris 2.5.1

• Sun 103670-06sparc
  

Sun Solaris 2.6

• Sun 105566-06sparc
  

Sun Solaris 2.6 _x86

• Sun 105567-07×86
  

来源: BUGTRAQ
名称: 19990808 sdtcm_convert
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org

来源: BID
名称: 575
链接:http://www.securityfocus.com/bid/575