VULHUB ™

The Sun Management Center (SMC) is an integrated system management software package distributed by Sun. It is packaged with recent releases of the Solaris 8 operating system. The script that starts smcboot does not perform adequate checks prior to attempting to create a directory in /tmp. A directory is created in /tmp to store information for SMC using the smc$PORT name, where port is the TCP port the server listens on; 898 in a default installation. The script does not check for the existence of a previously smc$PORT directory. It is possible to create a symbolic link using the smc$PORT name, and link it to an arbitrary directory. As the smcboot program is run as root, this could result in the overwriting or destruction of files at the end of the symbolic link.

The Sun Management Center (SMC) is an integrated system management software package distributed by Sun. It is packaged with recent releases of the Solaris 8 operating system. The script that starts smcboot does not perform adequate checks prior to attempting to create a directory in /tmp. A directory is created in /tmp to store information for SMC using the smc$PORT name, where port is the TCP port the server listens on; 898 in a default installation. The script does not check for the existence of a previously smc$PORT directory. It is possible to create a symbolic link using the smc$PORT name, and link it to an arbitrary directory. As the smcboot program is run as root, this could result in the overwriting or destruction of files at the end of the symbolic link.