PT-2005-1115 · Oracle · Kcms+1

Published: 2005-02-23 · Updated: 2018-10-30 · CVE-2004-0481

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

KCMS package versions on Solaris 8 and 9

Description

The logging feature in kcms_configure has an issue that allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

Recommendations

For KCMS package versions on Solaris 8 and 9, consider restricting access to the logging feature in kcms_configure to prevent arbitrary file corruption until a fix is available. As a temporary workaround, consider disabling the logging feature in kcms_configure to minimize the risk of exploitation.


Related identifiers

CVE-2004-0481

Affected products

Kcms
Solaris