Info

Disclosure

Jun 11, 1998

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Sun Solaris ufsrestore contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a buffer overflow in ufsrestore is exploited which allows the attacker to run code as root using a non-root user account. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

Products

Sun Microsystems, Inc.	Solaris	8
		7
		2.6
		2.5.1
		2.5

References

Keyword: /usr/lib/fs/ufs/ufsrestore /usr/lib/fs/ufs/ufsdump
Bugtraq ID: 1348
CVE ID: 2000-0471 (see also: NVD)
CERT VU: 36866
ISS X-Force ID: 4711
Related OSVDB ID: 8158
Mail List Post: http://seclists.org/lists/bugtraq/1998/Jun/0067.html
Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210&type=0&nav=sec.sba
CIAC Advisory: i-065

Credit

Job de Haas - jobitsx.com - ITSX bv

Direct URL: http://osvdb.org/1398

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sun Microsystems, Inc.

Solaris

References

Credit