CVE-2009-1207 — Race Condition in Opensolaris

CWE-362 — Race Condition3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 89.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Opensolaris SUN Solaris

Timeline

PublishedApr 1

Latest updateMay 2

Description

Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/opensolaris111 versions+110

▶NVDsun/solaris10, 8, 9+2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-r2w4-h757-2m5g: Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary fil↗2022-05-02

▶

CVEList

CVE-2009-1207: Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary fil↗2009-04-01

▶