CVE-2008-1684 — Link Following in Solaris

CWE-59 — Link Following CWE-362 — Race Condition4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 94.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris

Timeline

PublishedApr 6

Latest updateMay 1

Description

inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file.

CVSS vector

AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9

Affected Packages1 packages

▶NVDsun/solaris10

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-7fmv-j8g9-pp43: inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd↗2022-05-01

▶

CVEList

CVE-2008-1684: inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd↗2008-04-06

▶

💥Exploits & PoCs

Exploit-DB

Dart Communications PowerTCP FTP module - Remote Buffer Overflow↗2008-10-20

▶