martin carpenter

contents

most popular
2012/05/05, updated 2012/12/15
ubuntu unity lens for vim
2010/04/14
ckwtmpx

sun cluster vulnerability

2009/09/22

tags: solaris cluster vulnerability clsetup(1CL) CVE-2009-3433

exploit details

Weak vulnerability, trivially exploitable: clsetup is a setuid root ksh script, world read/executable. Solaris' kernel makes no restriction on setuid scripts (although there are some restrictions in individual shipped interpreters, eg /bin/csh).

timeline

advisories