Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	38928
Class:	Design Error
CVE:	CVE-2010-1183
Remote:	No
Local:	Yes
Published:	Mar 24 2010 12:00AM
Updated:	Dec 17 2013 12:38AM
Credit:	Larry W. Cashdollar
Vulnerable:	Sun Connection Update Manager for Solaris 0 + Sun Java 2 Micro Edition
Not Vulnerable:

Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities

Sun Connection Update Manager for Solaris creates temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial-of-service or privilege escalation. Other attacks may also be possible.

These issues affect unknown versions of the application. In addition, these issues may affect certain Solaris patch clusters or individual patch releases.

Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities

To exploit these issues, an attacker uses readily available commands.

The following exploit code is available:

• /data/vulnerabilities/exploits/38928.sh.txt

Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Connection Update Manager for Solaris Multiple Insecure Temporary File Creation Vulnerabilities

References:

• Sun Connection Update Manager for Solaris Homepage (Sun)
  
• Symlink attack with Solaris Update manager ([email protected])