Description
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Jungseok Roh · textremotesolaris
https://www.exploit-db.com/exploits/19236
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167419549&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/296
Scores
EPSS
0.0082
EPSS Percentile
74.6%
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (2)
sun/solaris
2.4
sun/sunos
5.4
Published
Aug 03, 1996
Tracked Since
Feb 18, 2026