Vigil@nce: Sun SNMP Management Agent, file edition
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can use Sun SNMP Management Agent in order to
alter a file with root privileges.
Gravity: 2/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/12/2008
IMPACTED PRODUCTS
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION OF THE VULNERABILITY
The Sun SNMP Management Agent (SUNWmasf) product is used to
administer a computer.
Sun SNMP Management Agent uses a temporary file. However, this
file is opened without checking if it is a symbolic link. A local
attacker can therefore previously create a link in order to force
the product (which runs as root) to work on another file.
A local attacker can therefore use Sun SNMP Management Agent in
order to alter a file with root privileges.
CHARACTERISTICS
Identifiers: 248646, 6730690, BID-33014, CVE-2008-5746,
VIGILANCE-VUL-8359