Advisory #: 215
Title: The Solaris 11 utility nsdb-convert and other fedfs scripts use temporary files insecurely
Author: Larry W. Cashdollar
Date: 2020-10-20
CVE-ID: CVE-2020-14759
CWE:
Download Site: https://docs.oracle.com/cd/E86824_01/html/E54764/nsdb-convert-1m.html
Vendor: Oracle
Vendor Notified: 2020-02-24
Vendor Contact: security@oracle.com
Advisory:
Description: nsdb-convert is a script which may be used to convert the contents of an Oracle Solaris 11 format FedFS NSDB to the format supported by the current Oracle Solaris release.
Vulnerability:
The utility /usr/sbin/nsdb-convert uses /tmp insecurely at the following lines:

    87: echo $value | $base64 -d > /tmp/xdr$$
    88: path=`$xdr2path /tmp/xdr$$`
    89: rm /tmp/xdr$$
    181: backup=/tmp/nsdb_preconversion
    226: > /tmp/slapadd.out 2>&1
    229: cat /tmp/slapadd.out
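
A hardened form of the temporary-file handling listed above, as an added example that is not part of the advisory or of Oracle's script: scratch files go into one directory created by mktemp -d instead of fixed or PID-based names directly under /tmp. The function names are hypothetical, mktemp and base64 -d are assumed to be available, and cat stands in for the script's $xdr2path step.

```shell
#!/bin/sh
# Added example, not Oracle's code; all function names are hypothetical.

# One private scratch directory (mode 0700, unpredictable name) for the
# script's temporary files, instead of fixed names or PID-based names ($$)
# directly under the world-writable /tmp.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/nsdb-convert.XXXXXX"
}

# Hardened form of:  echo $value | $base64 -d > /tmp/xdr$$
# Decodes base64 string $1 into $2/xdr and prints that path.
decode_value() {
    out="$2/xdr"
    # umask 077 gives a 0600 file; noclobber (set -C) makes '>' fail rather
    # than write to a path that already exists.
    ( umask 077; set -C
      printf '%s' "$1" | base64 -d > "$out" ) 2>/dev/null || return 1
    printf '%s\n' "$out"
}

# End to end: create the directory, decode, consume, always clean up.
# cat stands in for the script's $xdr2path step (assumption).
decode_once() {
    work=$(make_workdir) || return 1
    if path=$(decode_value "$1" "$work"); then
        cat "$path"
        rc=$?
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
```

A script using these helpers would normally also register `trap 'rm -rf "$work"' EXIT` so the directory is removed on early exit.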