CVE-1999-1426

Description

Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.

Affected products

• sun / solstice_adminsuite2.1 – 2.1
• sun / solstice_adminsuite2.1 – 2.1
• sun / solstice_adminsuite2.2 – 2.2
• sun / solstice_adminsuite2.2 – 2.2

References

• MISChttp://www.securityfocus.com/bid/208
• MISChttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145