Description
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
Affected products
- sco / unixware7.0 – 7.0
- sco / unixware7.0.1 – 7.0.1
- sco / unixware7.1 – 7.1
- sco / unixware7.1.1 – 7.1.1
References
- MAILING_LISThttp://marc.info/?l=bugtraq&m=94581379905584&w=2
- MISChttp://www.securityfocus.com/bid/851
- MAILING_LISThttp://marc.info/?l=bugtraq&m=94530783815434&w=2
- MAILING_LISThttp://marc.info/?l=bugtraq&m=94606167110764&w=2
- MISChttp://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail%40nwcst289.netaddress.usa.net