Solaris ps Command Symlink Arbitrary File Overwrite
Local Access Required
Loss of Integrity
The ps program in Sun Solaris contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when the program creates the 'ps_data' file with root permission in the /tmp directory, which is world-writeable. It is possible that the flaw may allow a malicious user to create a symlink from a malicious file, which could be overwritten when the application is executed resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.