Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Solaris, privilege elevation via auditconfig |
| June 2009 by Vigil@nce |
| A local attacker with a RBAC execution profile can use auditconfig to elevate his privileges. |
| Severity: 1/4 Consequences: privileged access/rights Provenance: user shell Means of attack: 1 attack Ability of attacker: technician (2/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: medium (2/3) Creation date: 26/06/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY A user with the "Audit Control" RBAC profile is allowed to run the /usr/sbin/auditconfig command. This command is used to read and set audit parameters of the kernel. The "-setasid", "-setaudit" and "-setauid" arguments of auditconfig execute commands with an indicated session-ID, term-ID or audit-ID. However, the execit() function of the usr/src/cmd/auditconfig/auditconfig.c file uses the SHELL environment variable to launch the command. A local attacker can therefore change this environment variable to force auditconfig to execute his wanted command. A local attacker with a RBAC execution profile can thus use auditconfig to elevate his privileges. CHARACTERISTICS Identifiers: 262088, 6414737, VIGILANCE-VUL-8826 http://vigilance.fr/vulnerability/Solaris-privilege-elevation-via-auditconfig-8826 |
< previous next > |
OpenSolaris
