|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] OpenServer Insecure tmp Files Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Oct 21 2003 - 09:21:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
OpenServer Insecure tmp Files Vulnerability
SECUNIA ADVISORY ID:
SA10039
VERIFY ADVISORY:
http://www.secunia.com/advisories/10039/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
SCO OpenServer 5.x
DESCRIPTION:
SCO has issued updated packages for OpenServer, which fix a
vulnerability possibly allowing malicious users to escalate their
privileges.
The problem is that several scripts create files in "/tmp" in an
insecure manner. This can potentially be exploited to manipulate
arbitrary files and escalate privileges.
The vulnerability only affects OpenServer 5.0.5.
SOLUTION:
Updated files are available from:
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/VOL.000.000
REPORTED BY / CREDITS:
Tomasz Kusmierz
ORIGINAL ADVISORY:
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]