Sun Security Blog
Security
|
10 Jul 2007
Sun Alert 102978 Security Vulnerability in the rcp(1) Command May Allow Execution of Unintended Commands
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System A security vulnerability in the way the rcp(1) command invokes helper applications may allow a local unprivileged user (or a remote user in the case of shared filesystems) to create files with specially crafted file names which could lead to the execution of arbitrary commands with the privileges of a local user when that local user executes the rcp(1) command on the specially crafted file names. Note: The scp(1) utility is also affected by this issue which is described in the following documents: CVE-2006-0225 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 Sun Alert 102961 at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1 Avoidance: Patch, Workaround State: Resolved First released: 10-Jul-2007
Permalink
|
Comments [0]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_102978_security_vulnerability
Comments:
Post a Comment: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
