[eddie5659]

Hiya

Sun Solaris Unix domain socket has insecure access permissions

The Unix domain socket implementation in Sun Solaris versions 2.5, 2.5.1, and 2.6 and possibly other BSD or Unix-based operating systems has insecure access permissions, which allow unauthorized access. A local attacker could exploit this vulnerability by connecting to the socket to disrupt or control the application it is connected to.


Platforms Affected:
FreeBSD: All Versions
Solaris 2.5
Solaris 2.5.1
Solaris 2.6

http://xforce.iss.net/static/7172.php

Sun Solaris aspppd /tmp/.asppp.fifo file symlink attack

Sun Solaris versions 2.4, 2.5, and 2.5.1 could allow a local attacker to launch a symlink attack, caused by a vulnerability in the aspppd tool. Aspppd creates the /tmp/.asppp.fifo file in the /tmp directory insecurely. A local attacker could use this vulnerability to create a symbolic link in the /tmp directory to modify arbitrary files and gain root privileges on the system.


Platforms Affected:
Solaris 2.4
Solaris 2.5
Solaris 2.5.1

http://xforce.iss.net/static/7173.php

DFS login could allow unauthorized access to resources if users are in too many groups

Transarc DCE version 1.1 running the Distributed File System (DFS) could allow a local attacker to gain unauthorized access to resources, caused by a vulnerability in the integrated login. If a local attacker were to be placed into too many groups (exceeds NGROUPS_MAX-1), the groups in the DCE registry and in /etc/group would have an incorrect grouplist at login.


Platforms Affected:
Solaris 2.4
Solaris 2.5
Transarc DCE/DFS 1.1

http://xforce.iss.net/static/7154.php

Regards

eddie