Sun Solaris conv_fix Unspecified File Overwrite Vulnerability

Bugtraq ID:	9759
Class:	Unknown
CVE:
Remote:	No
Local:	Yes
Published:	Feb 27 2004 12:00AM
Updated:	Feb 27 2004 12:00AM
Credit:	This issue was disclosed in a Sun Alert Notification.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0
Not Vulnerable:

Sun Solaris conv_fix Unspecified File Overwrite Vulnerability

It has been reported that Sun Solaris may be prone to a vulnerability due to an unspecified erroneous condition resulting from the 'conv_fix' command invoked by conv_lpd(1M) script. This issue will reportedly permit a local attacker to overwrite or create any file on the system. Successful exploitation of this issue may allow a local attacker to gain elevated privileges leading to full compromise of a vulnerable system. The attacker may also cause a denial of service condition on the system.

Sun Solaris conv_fix Unspecified File Overwrite Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Sun Solaris conv_fix Unspecified File Overwrite Vulnerability

Solution:
Sun has released patches for this issue:


Sun Solaris 7.0_x86

• Sun 107116-14
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107116&rev=14

Sun Solaris 9_x86

• Sun 114980-05
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114980&rev=05

Sun Solaris 7.0

• Sun 107115-14
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107115&rev=14

Sun Solaris 8_x86

• Sun 109321-09
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109321&rev=09

Sun Solaris 8_sparc

• Sun 109320-09
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109320&rev=09

Sun Solaris 9

• Sun 113329-05
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113329&rev=05

Sun Solaris conv_fix Unspecified File Overwrite Vulnerability

References:

• Sun Alert ID: 57509 (Sun)