ID CVE-2009-1207
Summary Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:8:-:sparc
    cpe:2.3:o:sun:solaris:8:-:sparc
  • cpe:2.3:o:sun:solaris:9:-:sparc
    cpe:2.3:o:sun:solaris:9:-:sparc
  • cpe:2.3:o:sun:solaris:10:-:sparc
    cpe:2.3:o:sun:solaris:10:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_02:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_02:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_07:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_07:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_01:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_01:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_08:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_08:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_04:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_04:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_05:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_05:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_03:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_03:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_06:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_06:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_09:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_09:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_10:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_10:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_106:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_106:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_103:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_103:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_107:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_107:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_102:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_102:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_101:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_101:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_100:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_100:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_105:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_105:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_104:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_104:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_108:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_108:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_109:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_109:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_11:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_11:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_110:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_110:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_111:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_111:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_12:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_12:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_13:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_13:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_14:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_14:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_15:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_15:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_21:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_21:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_20:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_20:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_19:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_19:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_25:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_25:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_17:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_17:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_24:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_24:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_23:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_23:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_18:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_18:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_16:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_16:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_22:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_22:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_28:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_28:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_33:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_33:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_27:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_27:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_34:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_34:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_26:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_26:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_35:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_35:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_32:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_32:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_31:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_31:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_30:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_30:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_29:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_29:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_40:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_40:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_41:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_41:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_42:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_42:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_36:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_36:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_43:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_43:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_37:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_37:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_44:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_44:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_38:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_38:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_45:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_45:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_39:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_39:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_48:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_48:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_55:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_55:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_47:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_47:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_54:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_54:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_50:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_50:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_49:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_49:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_52:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_52:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_51:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_51:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_53:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_53:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_46:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_46:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_57:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_57:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_56:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_56:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_59:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_59:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_65:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_65:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_58:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_58:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_64:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_64:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_61:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_61:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_63:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_63:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_60:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_60:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_62:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_62:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_71:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_71:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_68:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_68:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_72:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_72:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_67:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_67:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_70:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_70:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_66:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_66:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_74:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_74:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_73:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_73:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_69:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_69:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_75:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_75:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_78:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_78:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_84:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_84:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_77:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_77:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_83:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_83:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_79:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_79:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_85:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_85:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_80:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_80:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_76:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_76:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_82:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_82:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_81:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_81:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_86:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_86:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_87:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_87:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_88:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_88:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_89:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_89:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_90:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_90:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_91:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_91:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_92:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_92:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_93:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_93:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_94:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_94:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_95:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_95:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_99:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_99:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_98:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_98:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_97:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_97:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_96:-:sparc
    cpe:2.3:o:sun:opensolaris:snv_96:-:sparc
  • cpe:2.3:o:sun:opensolaris:snv_55:-:x86
    cpe:2.3:o:sun:opensolaris:snv_55:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_57:-:x86
    cpe:2.3:o:sun:opensolaris:snv_57:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_110:-:x86
    cpe:2.3:o:sun:opensolaris:snv_110:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_109:-:x86
    cpe:2.3:o:sun:opensolaris:snv_109:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_56:-:x86
    cpe:2.3:o:sun:opensolaris:snv_56:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_108:-:x86
    cpe:2.3:o:sun:opensolaris:snv_108:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_59:-:x86
    cpe:2.3:o:sun:opensolaris:snv_59:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_58:-:x86
    cpe:2.3:o:sun:opensolaris:snv_58:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_61:-:x86
    cpe:2.3:o:sun:opensolaris:snv_61:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_60:-:x86
    cpe:2.3:o:sun:opensolaris:snv_60:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_107:-:x86
    cpe:2.3:o:sun:opensolaris:snv_107:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_48:-:x86
    cpe:2.3:o:sun:opensolaris:snv_48:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_47:-:x86
    cpe:2.3:o:sun:opensolaris:snv_47:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_50:-:x86
    cpe:2.3:o:sun:opensolaris:snv_50:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_49:-:x86
    cpe:2.3:o:sun:opensolaris:snv_49:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_52:-:x86
    cpe:2.3:o:sun:opensolaris:snv_52:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_51:-:x86
    cpe:2.3:o:sun:opensolaris:snv_51:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_54:-:x86
    cpe:2.3:o:sun:opensolaris:snv_54:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_53:-:x86
    cpe:2.3:o:sun:opensolaris:snv_53:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_40:-:x86
    cpe:2.3:o:sun:opensolaris:snv_40:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_41:-:x86
    cpe:2.3:o:sun:opensolaris:snv_41:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_42:-:x86
    cpe:2.3:o:sun:opensolaris:snv_42:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_43:-:x86
    cpe:2.3:o:sun:opensolaris:snv_43:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_44:-:x86
    cpe:2.3:o:sun:opensolaris:snv_44:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_45:-:x86
    cpe:2.3:o:sun:opensolaris:snv_45:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_46:-:x86
    cpe:2.3:o:sun:opensolaris:snv_46:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_33:-:x86
    cpe:2.3:o:sun:opensolaris:snv_33:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_34:-:x86
    cpe:2.3:o:sun:opensolaris:snv_34:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_35:-:x86
    cpe:2.3:o:sun:opensolaris:snv_35:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_36:-:x86
    cpe:2.3:o:sun:opensolaris:snv_36:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_37:-:x86
    cpe:2.3:o:sun:opensolaris:snv_37:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_38:-:x86
    cpe:2.3:o:sun:opensolaris:snv_38:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_39:-:x86
    cpe:2.3:o:sun:opensolaris:snv_39:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_28:-:x86
    cpe:2.3:o:sun:opensolaris:snv_28:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_27:-:x86
    cpe:2.3:o:sun:opensolaris:snv_27:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_26:-:x86
    cpe:2.3:o:sun:opensolaris:snv_26:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_25:-:x86
    cpe:2.3:o:sun:opensolaris:snv_25:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_32:-:x86
    cpe:2.3:o:sun:opensolaris:snv_32:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_31:-:x86
    cpe:2.3:o:sun:opensolaris:snv_31:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_30:-:x86
    cpe:2.3:o:sun:opensolaris:snv_30:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_29:-:x86
    cpe:2.3:o:sun:opensolaris:snv_29:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_21:-:x86
    cpe:2.3:o:sun:opensolaris:snv_21:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_20:-:x86
    cpe:2.3:o:sun:opensolaris:snv_20:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_19:-:x86
    cpe:2.3:o:sun:opensolaris:snv_19:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_24:-:x86
    cpe:2.3:o:sun:opensolaris:snv_24:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_23:-:x86
    cpe:2.3:o:sun:opensolaris:snv_23:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_22:-:x86
    cpe:2.3:o:sun:opensolaris:snv_22:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_15:-:x86
    cpe:2.3:o:sun:opensolaris:snv_15:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_13:-:x86
    cpe:2.3:o:sun:opensolaris:snv_13:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_14:-:x86
    cpe:2.3:o:sun:opensolaris:snv_14:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_18:-:x86
    cpe:2.3:o:sun:opensolaris:snv_18:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_16:-:x86
    cpe:2.3:o:sun:opensolaris:snv_16:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_17:-:x86
    cpe:2.3:o:sun:opensolaris:snv_17:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_08:-:x86
    cpe:2.3:o:sun:opensolaris:snv_08:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_09:-:x86
    cpe:2.3:o:sun:opensolaris:snv_09:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_06:-:x86
    cpe:2.3:o:sun:opensolaris:snv_06:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_07:-:x86
    cpe:2.3:o:sun:opensolaris:snv_07:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_11:-:x86
    cpe:2.3:o:sun:opensolaris:snv_11:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_12:-:x86
    cpe:2.3:o:sun:opensolaris:snv_12:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_10:-:x86
    cpe:2.3:o:sun:opensolaris:snv_10:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_03:-:x86
    cpe:2.3:o:sun:opensolaris:snv_03:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_103:-:x86
    cpe:2.3:o:sun:opensolaris:snv_103:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_02:-:x86
    cpe:2.3:o:sun:opensolaris:snv_02:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_05:-:x86
    cpe:2.3:o:sun:opensolaris:snv_05:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_04:-:x86
    cpe:2.3:o:sun:opensolaris:snv_04:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_01:-:x86
    cpe:2.3:o:sun:opensolaris:snv_01:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_104:-:x86
    cpe:2.3:o:sun:opensolaris:snv_104:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_78:-:x86
    cpe:2.3:o:sun:opensolaris:snv_78:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_77:-:x86
    cpe:2.3:o:sun:opensolaris:snv_77:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_105:-:x86
    cpe:2.3:o:sun:opensolaris:snv_105:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_106:-:x86
    cpe:2.3:o:sun:opensolaris:snv_106:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_79:-:x86
    cpe:2.3:o:sun:opensolaris:snv_79:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_74:-:x86
    cpe:2.3:o:sun:opensolaris:snv_74:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_73:-:x86
    cpe:2.3:o:sun:opensolaris:snv_73:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_76:-:x86
    cpe:2.3:o:sun:opensolaris:snv_76:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_75:-:x86
    cpe:2.3:o:sun:opensolaris:snv_75:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_85:-:x86
    cpe:2.3:o:sun:opensolaris:snv_85:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_84:-:x86
    cpe:2.3:o:sun:opensolaris:snv_84:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_86:-:x86
    cpe:2.3:o:sun:opensolaris:snv_86:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_81:-:x86
    cpe:2.3:o:sun:opensolaris:snv_81:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_80:-:x86
    cpe:2.3:o:sun:opensolaris:snv_80:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_83:-:x86
    cpe:2.3:o:sun:opensolaris:snv_83:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_82:-:x86
    cpe:2.3:o:sun:opensolaris:snv_82:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_71:-:x86
    cpe:2.3:o:sun:opensolaris:snv_71:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_100:-:x86
    cpe:2.3:o:sun:opensolaris:snv_100:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_72:-:x86
    cpe:2.3:o:sun:opensolaris:snv_72:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_101:-:x86
    cpe:2.3:o:sun:opensolaris:snv_101:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_70:-:x86
    cpe:2.3:o:sun:opensolaris:snv_70:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_102:-:x86
    cpe:2.3:o:sun:opensolaris:snv_102:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_68:-:x86
    cpe:2.3:o:sun:opensolaris:snv_68:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_67:-:x86
    cpe:2.3:o:sun:opensolaris:snv_67:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_66:-:x86
    cpe:2.3:o:sun:opensolaris:snv_66:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_65:-:x86
    cpe:2.3:o:sun:opensolaris:snv_65:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_64:-:x86
    cpe:2.3:o:sun:opensolaris:snv_64:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_63:-:x86
    cpe:2.3:o:sun:opensolaris:snv_63:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_62:-:x86
    cpe:2.3:o:sun:opensolaris:snv_62:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_69:-:x86
    cpe:2.3:o:sun:opensolaris:snv_69:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_87:-:x86
    cpe:2.3:o:sun:opensolaris:snv_87:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_88:-:x86
    cpe:2.3:o:sun:opensolaris:snv_88:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_92:-:x86
    cpe:2.3:o:sun:opensolaris:snv_92:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_91:-:x86
    cpe:2.3:o:sun:opensolaris:snv_91:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_90:-:x86
    cpe:2.3:o:sun:opensolaris:snv_90:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_89:-:x86
    cpe:2.3:o:sun:opensolaris:snv_89:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_96:-:x86
    cpe:2.3:o:sun:opensolaris:snv_96:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_95:-:x86
    cpe:2.3:o:sun:opensolaris:snv_95:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_94:-:x86
    cpe:2.3:o:sun:opensolaris:snv_94:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_93:-:x86
    cpe:2.3:o:sun:opensolaris:snv_93:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_99:-:x86
    cpe:2.3:o:sun:opensolaris:snv_99:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_97:-:x86
    cpe:2.3:o:sun:opensolaris:snv_97:-:x86
  • cpe:2.3:o:sun:opensolaris:snv_98:-:x86
    cpe:2.3:o:sun:opensolaris:snv_98:-:x86
  • cpe:2.3:o:sun:solaris:8:-:x86
    cpe:2.3:o:sun:solaris:8:-:x86
  • cpe:2.3:o:sun:solaris:9:-:x86
    cpe:2.3:o:sun:solaris:9:-:x86
  • cpe:2.3:o:sun:solaris:10:-:x86
    cpe:2.3:o:sun:solaris:10:-:x86
CVSS
Base: 4.4 (as of 01-04-2009 - 11:11)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_138896.NASL
    description SunOS 5.9: usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 38075
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38075
    title Solaris 9 (sparc) : 138896-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141015.NASL
    description SunOS 5.10_x86: /usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 37297
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37297
    title Solaris 10 (x86) : 141015-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_138897.NASL
    description SunOS 5.9_x86: usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 37711
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37711
    title Solaris 9 (x86) : 138897-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141014.NASL
    description SunOS 5.10: /usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 36861
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36861
    title Solaris 10 (sparc) : 141014-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_140838.NASL
    description SunOS 5.8_x86: usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 37644
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37644
    title Solaris 8 (x86) : 140838-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_140837.NASL
    description SunOS 5.8: usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 36494
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36494
    title Solaris 8 (sparc) : 140837-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141014-01.NASL
    description SunOS 5.10: /usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 107525
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107525
    title Solaris 10 (sparc) : 141014-01
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141015-01.NASL
    description SunOS 5.10_x86: /usr/bin/dircmp patch. Date this patch was last updated by Sun : Mar/19/09
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 108023
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108023
    title Solaris 10 (x86) : 141015-01
oval via4
accepted 2009-05-18T04:00:26.719-04:00
class vulnerability
contributors
name Pai Peng
organization Hewlett-Packard
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
family unix
id oval:org.mitre.oval:def:6183
status accepted
submitted 2009-04-02T11:13:52.000-04:00
title A Security Vulnerability in the Solaris dircmp(1) Shell Script may Allow Overwriting of Arbitrary Files
version 30
refmap via4
bid 34316
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm
misc http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1
secunia
  • 34558
  • 34813
sunalert 253468
vupen ADV-2009-1105
xf solaris-dircmp-file-overwrite(49526)
Last major update 21-08-2010 - 01:31
Published 01-04-2009 - 06:30
Last modified 28-09-2017 - 21:34
Back to Top