VULHUB ™

It is possible to create arbitrary files owned by group sys through exploiting symlink vulnerabilities in UnixWare's mkpis and pis binaries. mkpis/pis will create a temporary file (/tmp/pisdata) owned by group sys when run, without determining whether the temporary file exists already and/or links to other places. mkpis/pis will follow syminks and overwrite files linked to where possible. /sbin is writeable by group sys, making it possible to overwrite certain binaries with malicious versions to be executed by root (/sbin is first in $PATH) at a later time possibly leading to a system-wide compromise.

It is possible to create arbitrary files owned by group sys through exploiting symlink vulnerabilities in UnixWare's mkpis and pis binaries. mkpis/pis will create a temporary file (/tmp/pisdata) owned by group sys when run, without determining whether the temporary file exists already and/or links to other places. mkpis/pis will follow syminks and overwrite files linked to where possible. /sbin is writeable by group sys, making it possible to overwrite certain binaries with malicious versions to be executed by root (/sbin is first in $PATH) at a later time possibly leading to a system-wide compromise.