Bugtraq mailing list archives

Re: Solaris patchadd(1) (3) symlink vulnerabilty

From: Matthew Potter <mpotter () ATPCO COM>
Date: Tue, 19 Dec 2000 19:56:42 -0500

Solutions:

Well it is good policy to add patches in single user mode IF YOU CAN. I
recall seeing a warning in "install_cluster" to install in single usermode
if you can.... Maybe that was a while ago when they used to have "jumbo"
patches.

1) init S
2) patchadd


Race Condition
remote NO
local YES

Vulnerable: I only checked Solaris 2.7 sparc with latest install_cluster


what arch? sun4u?
uname -a ?

Current thread:

Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 18)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Matthew Potter (Dec 20)
- <Possible follow-ups>
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 19)
  - Re: Solaris patchadd(1) (3) symlink vulnerabilty Dan Harkless (Dec 20)
  - Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 20)
    - Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
    - Re: Solaris patchadd(1) (3) symlink vulnerabilty Cy Schubert - ITSD Open Systems Group (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 20)
  - Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
    - Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 22)
  - Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
  - Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 21)

(Thread continues...)