Title: Sun Solaris conv_fix Unspecified File Overwrite Vulnerability
Severity: MODERATE
Description:
Sun has reported an unspecified vulnerability involving the '/usr/lib/print/conv_fix' command, which is invoked by the conv_lpd(1M) script on Solaris, that may permit local attackers to gain elevated privileges and/or cause a denial of service condition. It has been reported that if the conv_lpd(1M) script is executed as root, local users may be able to create or overwrite any file on a vulnerable system. Successful exploitation of this issue may allow a local attacker to gain elevated privileges, leading to full compromise of a vulnerable system. The attacker may also cause a denial of service condition on the system if critical files are overwritten.
This issue appears to be due to unsafe use of the fopen() function. Though unconfirmed, this may be related to insecure temporary file creation, allowing for symbolic link attacks. Few technical details are available at this time. This BID will be updated as further information is made available.
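The description above points to unsafe fopen() use and, unconfirmed, to symbolic links at temporary file paths. As an added illustration of that general class and its fix (not Sun's code and not taken from conv_fix; the function names, scratch paths and file contents are constructed, and a current POSIX system with O_NOFOLLOW is assumed), this C program compares fopen() with exclusive creation when a symlink already sits at the work-file path:

```c
#define _GNU_SOURCE /* expose mkdtemp() and O_NOFOLLOW under strict -std modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe pattern: fopen(path, "w") follows a symlink already present at
 * path and truncates whatever file it points to. */
static int write_fopen(const char *path, const char *data)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(data, fp);
    return fclose(fp);
}

/* Hardened form: O_EXCL fails if anything (a symlink included) already
 * exists at path; O_NOFOLLOW is a second guard on the final component. */
static int write_exclusive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    return (close(fd) == 0 && n == (ssize_t)strlen(data)) ? 0 : -1;
}

/* Constructed check inside a private scratch directory: a symlink at the
 * work-file name points at a stand-in "protected" file.
 * Returns 1 if that file was modified, 0 if intact, -1 on setup error. */
int protected_file_modified(int hardened)
{
    char dir[] = "/tmp/symlink-check-XXXXXX", target[64], work[64], buf[16] = "";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(work, sizeof work, "%s/work.tmp", dir);
    if (write_fopen(target, "original") || symlink(target, work)) return -1;
    (hardened ? write_exclusive : write_fopen)(work, "clobbered");
    FILE *fp = fopen(target, "r");
    if (fp == NULL || fgets(buf, sizeof buf, fp) == NULL) buf[0] = '\0';
    if (fp != NULL) fclose(fp);
    unlink(work); unlink(target); rmdir(dir);
    return strcmp(buf, "original") != 0;
}

int main(void)
{
    printf("fopen: %d\n", protected_file_modified(0));
    printf("O_EXCL: %d\n", protected_file_modified(1));
}
```

Where a unique name is acceptable, mkstemp() gives the same exclusive-create guarantee without a predictable path.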
Affected Products:
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Sun Solaris 8
- Sun Solaris 8_x86
- Sun Solaris 9
- Sun Solaris 9_x86
References:
- Sun: Sun Alert ID: 57509