Title: SCO Unixware pis/mkpis Symbolic Link Vulnerability
Severity: MODERATE
Description:
It is possible to create arbitrary files owned by group sys through exploiting symlink vulnerabilities in UnixWare's mkpis and pis binaries. mkpis/pis will create a temporary file (/tmp/pisdata) owned by group sys when run, without determining whether the temporary file exists already and/or links to other places. mkpis/pis will follow syminks and overwrite files linked to where possible. /sbin is writeable by group sys, making it possible to overwrite certain binaries with malicious versions to be executed by root (/sbin is first in $PATH) at a later time possibly leading to a system-wide compromise.
Affected Products:
- SCO Unixware 7.1.0
References:
- SCO: Vendor Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
