PT-2002-2593 · Sun · Sun Solaris

Published: 2002-12-31 · Updated: 2018-10-30 · CVE-2002-1871

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sun Solaris versions 2.5.1 through 8

Description

The issue allows attackers to elevate privileges by exploiting the pkgadd installation process in Sun Solaris. This occurs when the pkgmap file contains a question mark in the mode, owner, or group fields, resulting in files being installed setuid/setgid root.

Recommendations

For Sun Solaris versions 2.5.1 through 8, consider restricting the use of pkgadd until a proper fix is applied, and ensure that pkgmap files are carefully validated to prevent the installation of files with elevated privileges.
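
One way to carry out the pkgmap validation recommended above before a package is handed to pkgadd, as an added example that is not part of the original advisory or of any vendor tool. The function name audit_pkgmap, the field layout (assumed from pkgmap(4), with an optional leading part number) and the sample pkgmap are constructed for illustration.

```python
# Added example: flag pkgmap entries whose mode/owner/group is "?".
# Field layout is assumed from pkgmap(4); sample data below is constructed.

# ftypes that carry mode/owner/group, mapped to how many fields sit
# between the path and the mode (b/c devices have major and minor first).
ATTR_OFFSET = {"f": 0, "e": 0, "v": 0, "d": 0, "x": 0, "p": 0, "b": 2, "c": 2}


def audit_pkgmap(text):
    """Return (line_no, path, field, value) for each unresolved attribute."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if not tokens or tokens[0].startswith(("#", ":")):
            continue  # blank, comment, or the ": parts max_size" header
        if tokens[0].isdigit():
            tokens = tokens[1:]  # drop the optional part number
        if len(tokens) < 3 or tokens[0] not in ATTR_OFFSET:
            continue  # i, s, l entries carry no mode/owner/group
        ftype, _class, path = tokens[:3]
        attrs = tokens[3 + ATTR_OFFSET[ftype]:][:3]
        if len(attrs) < 3:
            findings.append((line_no, path, "attributes", "missing"))
            continue
        for name, value in zip(("mode", "owner", "group"), attrs):
            if "?" in value:
                findings.append((line_no, path, name, value))
    return findings


# Constructed sample pkgmap, not taken from a real package.
SAMPLE_PKGMAP = """\
: 1 120
1 i pkginfo 310 25841 1018133064
1 d none opt/demo 0755 root bin
1 f none opt/demo/bin/tool 0555 root bin 2048 61002 1018133064
1 f none opt/demo/bin/helper ? ? ? 4096 10233 1018133064
1 d none opt/demo/etc ? root sys
1 s none opt/demo/current=./bin
1 c none dev/demo0 11 0 0600 ? sys
"""

if __name__ == "__main__":
    for line_no, path, field, value in audit_pkgmap(SAMPLE_PKGMAP):
        print(f"pkgmap line {line_no}: {path}: {field} is {value!r}")
```

Any finding means the package should not be installed until the entry has an explicit mode, owner and group.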


Related Identifiers

CVE-2002-1871

Affected Products

Sun Solaris