Phase:Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
ReferencesBUGTRAQ:Tuesday, November 30, 1999 Solaris 2.x chkperm/arp vulnerabilities | BID:837 | URL:http://www.securityfocus.com/bid/837
Votes:Proposed (Wednesday, December 08, 1999)
Comments: ACCEPT(2) Armstrong, Stracener | MODIFY(2) Frech, Dik | NOOP(2) Baker, Christey | REJECT(1) Cole | REVIEWING(1) Prosser
F7: Cole> This is the same as the pervious. | Frech> XF:sol-chkperm-vmsys | Dik> include reference to Sun bug 4296167 | Christey> Remove BID:837, which is for arp, not chkperm