CVE-2010-1183 - Improper Link Resolution Before File Access ('Link Following')

Severity

32%

Complexity

34%

Confidentiality

81%

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 14 years ago

2010-03-29 22:30:00

Last updated 6 years ago

2018-10-10 19:56:00

Affected Software

Sun Solaris

References

20100324 Symlink attack with Solaris Update manager

20100324 Symlink attack with Solaris Update manager and Sun Patch Cluster

38928

solaris-update-manager-multiple-symlink(57149)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.