Sun Solaris aspppls(1M) creates temporary files insecurely, leading to possible local root compromise.
Sun Microsystems describes the function of aspppls(1M) as follows:
aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point Protocol (PPP) for the Transmission of Multi-protocol Datagrams over Point-to-Point Links. It is a user level daemon that works in concert with the IP-Dialup driver (ipdcm) and PPP streams module (ppp(7M)) to provide IP network services over an analog modem using dialed voice grade telephone lines. The link manager automates the process of connecting to a peer (remote) host when PPP service with that host is required. The connection process can be initiated either by sending an IP datagram to a (disconnected) peer host or by receiving a notification that a peer host desires to establish a connection. aspppls is the login service that connects the peer host machine to aspppd. aspppls is invoked by the serial port monitor when a peer machine logs into a PPP-enabled account. Its purpose is to cause the link manager to accept the incoming call.
A local attacker may be able to elevate his or her privileges.
Apply a patch.
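This note does not name the temporary file or show the code involved, so the following is an added example of the general bug class in C, not Sun's code and not taken from the bulletin: a predictable-name open that follows a pre-existing symlink, beside an exclusive open and mkstemp(3). The function names, file names and scratch directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp, mkstemp, symlink, O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, follows a symlink, truncates whatever it reaches. */
static int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if the name exists at all, including as a symlink. */
static int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: "victim" stands in for
 * a file the program must not touch; "app.tmp" is the predictable temporary
 * name, already present as a symlink to the victim. Returns a bitmask:
 * 1 = exclusive open refused, 2 = mkstemp made a 0600 file, 4 = weak clobbered. */
int tmpfile_demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], tmp[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/app.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("data\n", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;

    fd = open_tmp_exclusive(tmp);   /* must fail: the name already exists */
    if (fd < 0 && stat(victim, &st) == 0 && st.st_size == 5) result |= 1;
    if (fd >= 0) close(fd);
    fd = mkstemp(tmpl);             /* unpredictable name, created exclusively */
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_tmp_weak(tmp);        /* follows the link and truncates the victim */
    if (fd >= 0 && stat(victim, &st) == 0 && st.st_size == 0) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(tmp); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask: %d\n", tmpfile_demo()); return 0; }
```

In a program that runs with root privileges, the weak pattern lets whoever controls the temporary directory entry choose which file gets written; the exclusive open and mkstemp(3) both refuse to reuse an existing name.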
Thanks to Sun Microsystems for creating the security bulletin upon which this document is based. Kevin Kotas of eSecurityOnline is credited with discovering this vulnerability.
Date First Published: 2002-09-27
Date Last Updated: 2003-04-15 13:59 UTC