Executive Summary

Summary
Title: Sun Alert 253468 A Security Vulnerability in the Solaris dircmp(1) Shell Script may Allow Overwriting of Arbitrary Files
Information
Name: SUN-253468
First vendor Publication: 2009-03-30
Vendor: Sun
Last vendor Modification: 2009-04-01
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.4
Attack Range: Local
Cvss Impact Score: 6.4
Attack Complexity: Medium
Cvss Exploit Score: 3.4
Authentication: None Required

Detail

Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris

A race condition security vulnerability in the Solaris dircmp(1) command may allow a local unprivileged user to overwrite or create arbitrary files on the system based on the privileges of the user calling dircmp(1).

Sun would like to acknowledge, with thanks, River Tarnell of the Wikimedia Foundation for bringing this issue to our attention.

State: Resolved
First released: 30-Mar-2009

Original Source

Url: http://blogs.sun.com/security/entry/sun_alert_253468_a_security

CWE : Common Weakness Enumeration

%      Id       Name
100 %  CWE-362  Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6183
Oval ID: oval:org.mitre.oval:def:6183
Title: A Security Vulnerability in the Solaris dircmp(1) Shell Script may Allow Overwriting of Arbitrary Files
Description: Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
Family: unix
Class: vulnerability
Reference(s): CVE-2009-1207
Version: 1
Platform(s): Sun Solaris 8, Sun Solaris 9, Sun Solaris 10

CPE : Common Platform Enumeration

Type  Description  Count
Os                 221
Os                 6

OpenVAS Exploits

Date        Description
2009-06-03  Name: Solaris Update for usr/bin/dircmp 138896-01
            File: nvt/gb_solaris_138896_01.nasl
2009-06-03  Name: Solaris Update for usr/bin/dircmp 138897-01
            File: nvt/gb_solaris_138897_01.nasl
2009-06-03  Name: Solaris Update for usr/bin/dircmp 140837-01
            File: nvt/gb_solaris_140837_01.nasl
2009-06-03  Name: Solaris Update for usr/bin/dircmp 140838-01
            File: nvt/gb_solaris_140838_01.nasl

Open Source Vulnerability Database (OSVDB)

Id     Description
53139  Solaris dircmp Race Condition Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date        Description
2009-04-23  Name: The remote host is missing Sun Security Patch number 140837-01
            File: solaris8_140837.nasl - Type: ACT_GATHER_INFO
2009-04-23  Name: The remote host is missing Sun Security Patch number 140838-01
            File: solaris8_x86_140838.nasl - Type: ACT_GATHER_INFO
2009-04-23  Name: The remote host is missing Sun Security Patch number 138896-01
            File: solaris9_138896.nasl - Type: ACT_GATHER_INFO
2009-04-23  Name: The remote host is missing Sun Security Patch number 138897-01
            File: solaris9_x86_138897.nasl - Type: ACT_GATHER_INFO