OSVDB ID: 8346

Title: Solaris ps Command Symlink Arbitrary File Overwrite

Dates

Disclosure: Aug 14, 1995
Discovery: Unknown
Exploit: Aug 14, 1995
Solution: Unknown

Description

The ps program in Sun Solaris contains a flaw that may allow a malicious local user to overwrite arbitrary files. The issue is triggered when the program creates the 'ps_data' file with root permissions in the /tmp directory, which is world-writable. It is possible that the flaw may allow a malicious user to create a symlink in place of that file, so that the file the symlink points to is overwritten when the application is executed, resulting in a loss of integrity.
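The file-creation pattern behind this class of flaw, next to a hardened form, as an added C example for a current POSIX system (not Sun's ps source and not part of the OSVDB entry). The function names and the self-check in a private mkdtemp() directory are assumptions made for illustration.

```c
/* Added illustration, not Sun's ps source; all function names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: O_CREAT|O_TRUNC follows a symlink that already has this name,
 * so a privileged process truncates whatever file the link points to. */
int create_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_CREAT|O_EXCL creates atomically and fails with EEXIST if
 * any entry, including a symlink (even a dangling one), already has the name.
 * fstat() on the descriptor then confirms a regular file with a single link. */
int create_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd); return -1;
    }
    return fd;
}

/* Constructed self-check: returns 1 if create_hardened() refuses a link that
 * already exists at the path and the link's target is left unmodified. */
int hardened_refuses_symlink(void) {
    char dir[] = "/tmp/symdemoXXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/ps_data", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd = create_hardened(lnk);
    int refused = (fd < 0 && errno == EEXIST);
    struct stat st;
    int intact = (stat(target, &st) == 0 && st.st_size == 4);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return refused && intact;
}

int main(void) { printf("refused=%d\n", hardened_refuses_symlink()); return 0; }
```

Keeping such state files in a root-owned directory that is not world-writable removes the race entirely; the flags above are the fallback when a shared directory cannot be avoided.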

Classification

Location: Local Access Required
Attack Type: Input Manipulation, Race Condition
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.

Products

Vendor: Sun Microsystems, Inc.
Product: Sun Solaris
Versions: 2.4, 2.3

References

Credit

  • Scott Chasin - chasincrimelab.com -


Direct URL: http://osvdb.org/8346