[18221] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Solaris patchadd(1) (3) symlink vulnerabilty

daemon@ATHENA.MIT.EDU (Matthew Potter)
Wed Dec 20 16:32:27 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id:  <3.0.6.32.20001219195642.007cf250@access.atpco.com>
Date:         Tue, 19 Dec 2000 19:56:42 -0500
Reply-To: Matthew Potter <mpotter@ATPCO.COM>
From: Matthew Potter <mpotter@ATPCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <IKEFLKCEOKCBIHKAELIEAEFMCDAA.jfortin@revelex.com>

Solutions:

Well it is good policy to add patches in single user mode IF YOU CAN. I
recall seeing a warning in "install_cluster" to install in single usermode
if you can.... Maybe that was a while ago when they used to have "jumbo"
patches.

1) init S
2) patchadd



>
>Race Condition
>remote NO
>local YES
>
>Vulnerable: I only checked Solaris 2.7 sparc with latest install_cluster

what arch? sun4u?
uname -a ?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[18221] in bugtraq

Re: Solaris patchadd(1) (3) symlink vulnerabilty

daemon@ATHENA.MIT.EDU (Matthew Potter)Wed Dec 20 16:32:27 2000

daemon@ATHENA.MIT.EDU (Matthew Potter)
Wed Dec 20 16:32:27 2000