CERT-In Vulnerability Note CIVN-2008-75
Vulnerability in Solaris Crontab
Original Issue Date:
June 06, 2008
Severity Rating:
Low
System Affected
- Solaris 8
- Solaris 9
- Solaris 10
- OpenSolaris based upon builds snv_01 through snv_91
Overview
A vulnerability has been reported in the Solaris crontab utility which may allow a local unprivileged user to execute arbitrary code.
Description
A vulnerability has been reported in the crontab utility of the Solaris operating system. Cron is a time-based scheduling service in Solaris. A local unprivileged user can inject cron jobs into another local user's crontab file, which leads to execution of malicious code with the privileges of that user.
Solutions
Apply the appropriate patches as recommended by the vendor:
- SPARC Platform
  - Solaris 8 with patch 109007-26 or later
  - Solaris 9 with patch 122300-27 or later
  - Solaris 10 with patch 137017-02 or later
  - OpenSolaris based upon builds snv_92 or later
- x86 Platform
  - Solaris 8 with patch 109008-26 or later
  - Solaris 9 with patch 122301-27 or later
  - Solaris 10 with patch 137018-02 or later
  - OpenSolaris based upon builds snv_92 or later
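A patch-level check for the Solaris 8, 9 and 10 entries above, as an added example that is not part of the CERT-In note or of Sun's own tooling. It assumes `showrev -p` style lines (`Patch: <id>-<rev> ...`) on standard input and the `uname -r` / `uname -p` values 5.8, 5.9, 5.10 and sparc, i386; the function names are hypothetical and OpenSolaris builds are not covered.

```shell
#!/bin/sh
# Added example: minimum fixed patch per (SunOS release, processor),
# taken from the Solutions list of this note.
required_patch() {
    case "$1/$2" in
        5.8/sparc)  echo 109007-26 ;;
        5.9/sparc)  echo 122300-27 ;;
        5.10/sparc) echo 137017-02 ;;
        5.8/i386)   echo 109008-26 ;;
        5.9/i386)   echo 122301-27 ;;
        5.10/i386)  echo 137018-02 ;;
        *) return 1 ;;
    esac
}

# Usage on a host (assumed invocation):
#   showrev -p | crontab_fix_status "$(uname -r)" "$(uname -p)"
# Reads the patch listing on stdin and prints one of:
#   fixed      - required patch installed at the listed revision or later
#   vulnerable - required patch missing or at an older revision
#   unknown    - release/processor pair not in the table above
# Limitation: a superseding patch with a different base ID is not
# recognised and is reported as "vulnerable"; confirm such hosts by hand.
crontab_fix_status() {
    need=$(required_patch "$1" "$2") || { echo unknown; return 0; }
    # Compare revisions numerically in awk so "08" is not read as octal.
    awk -v base="${need%-*}" -v min="${need#*-}" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 > max) max = p[2] + 0
        }
        END { print (max + 0 >= min + 0) ? "fixed" : "vulnerable" }'
}
```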
Vendor Information
SUN
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-237864-1
References
FrSIRT
http://www.frsirt.com/english/advisories/2008/1714
Secunia
http://secunia.com/advisories/30482/
SecurityTracker
http://www.securitytracker.com/alerts/2008/Jun/1020151.html
CVE
CVE-2008-2538
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
