The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
Software | From | Fixed in |
---|---|---|
sun / sunos | 5.8 | 5.8.x |
sun / solaris | 8.0 | 8.0.x |
sun / solaris | 9.0 | 9.0.x |