CVE-2002-2374 - Race Condition vulnerability in SUN Patchpro 2.0
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
- Solaris 5.8 (sparc) : 113176-03
  - NASL family: Solaris Local Security Checks
  - NASL id: SOLARIS8_113176.NASL
  - description: PatchPro patch engine corrections. Date this patch was last updated by Sun : Dec/17/03
  - last seen: 2016-09-26
  - modified: 2011-09-18
  - plugin id: 23353
  - published: 2006-11-06
  - reporter: Tenable
  - source: https://www.tenable.com/plugins/index.php?view=single&id=23353
- Solaris 5.7 (sparc) : 113176-03
  - NASL family: Solaris Local Security Checks
  - NASL id: SOLARIS7_113176.NASL
  - description: PatchPro patch engine corrections. Date this patch was last updated by Sun : Dec/17/03
  - last seen: 2016-09-26
  - modified: 2011-09-18
  - plugin id: 23256
  - published: 2006-11-06
  - reporter: Tenable
  - source: https://www.tenable.com/plugins/index.php?view=single&id=23256
- Solaris 5.6 (sparc) : 113176-03
  - NASL family: Solaris Local Security Checks
  - NASL id: SOLARIS26_113176.NASL
  - description: PatchPro patch engine corrections. Date this patch was last updated by Sun : Dec/17/03
  - last seen: 2016-09-26
  - modified: 2011-09-18
  - plugin id: 23162
  - published: 2006-11-06
  - reporter: Tenable
  - source: https://www.tenable.com/plugins/index.php?view=single&id=23162
- Solaris 5.9 (sparc) : 113176-03
  - NASL family: Solaris Local Security Checks
  - NASL id: SOLARIS9_113176.NASL
  - description: PatchPro patch engine corrections. Date this patch was last updated by Sun : Dec/17/03
  - last seen: 2016-09-26
  - modified: 2011-09-18
  - plugin id: 23487
  - published: 2006-11-06
  - reporter: Tenable
  - source: https://www.tenable.com/plugins/index.php?view=single&id=23487