Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the way the rcp(1) command invokes helper applications may allow a local unprivileged user (or a remote user, in the case of shared filesystems) to create files with specially crafted names. When another local user runs the rcp(1) command on those files, arbitrary commands may be executed with that user's privileges.

Note: The scp(1) utility is also affected by this issue, which is described in the following documents:

CVE-2006-0225 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

Sun Alert 102961 at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1

Avoidance: Patch, Workaround
State: Resolved
First released: 10-Jul-2007
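
The alert does not say what the crafted names look like. The script below is an added example, not part of Sun's alert: it assumes, following the CVE-2006-0225 description for scp(1), that they are names containing shell metacharacters or spaces, and lists such names under a directory so they can be reviewed before rcp(1) or scp(1) is run on them. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory: pre-copy audit of file names.
# Assumption: "specially crafted" names are names containing shell
# metacharacters or spaces (per the CVE-2006-0225 description).
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the pattern below

# risky_paths DIR
# Prints one line per entry under DIR whose base name contains any byte
# outside a conservative safe set (letters, digits and . _ , + @ % = : -).
# This flags more than the shell metacharacters alone, by design.
# Non-printable bytes, newlines included, are shown as '?' so that each
# hit stays on a single output line.
risky_paths() {
    find "$1" -exec sh -c '
        for p in "$@"; do
            name=${p##*/}
            case $name in
                *[!A-Za-z0-9._,+@%=:-]*)
                    printf "%s" "$p" | tr -c "[:print:]" "?"
                    echo ;;
            esac
        done' sh {} +
}

# audit_before_copy DIR
# Returns 0 when no risky names were found under DIR; otherwise lists
# them on stderr and returns 1.
audit_before_copy() {
    hits=$(risky_paths "$1")
    [ -z "$hits" ] && return 0
    printf 'risky file names under %s:\n%s\n' "$1" "$hits" >&2
    return 1
}
```

Run `audit_before_copy` on any directory that other users can write to, shared filesystems included, and review the listed entries before copying from it.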