vulnerability
Solaris setuid programs allowed to dump core files
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:S/C:P/I:N/A:N) | Sep 5, 2018 | Sep 5, 2018 | Feb 18, 2025 |
Severity
2
CVSS
(AV:L/AC:M/Au:S/C:P/I:N/A:N)
Published
Sep 5, 2018
Added
Sep 5, 2018
Modified
Feb 18, 2025
Description
By default, when a program causes a segmentation violation or other fatal error, Solaris will write the program's memory contents to a 'core' file on the disk for debugging purposes. These core files may contain sensitive information that could aid attackers in obtaining elevated privileges. When setuid programs are allowed to dump their core files this can leak more sensitive information than typical programs.
Solution
solaris-check-coreadm
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.