vulnerability
Solaris setuid programs allowed to dump core files
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:S/C:P/I:N/A:N) | Sep 5, 2018 | Sep 5, 2018 | Feb 18, 2025 |
Severity
2
CVSS
(AV:L/AC:M/Au:S/C:P/I:N/A:N)
Published
Sep 5, 2018
Added
Sep 5, 2018
Modified
Feb 18, 2025
Description
By default, when a program causes a segmentation violation or other fatal error, Solaris will write the program's memory contents to a 'core' file on the disk for debugging purposes. These core files may contain sensitive information that could aid attackers in obtaining elevated privileges. When setuid programs are allowed to dump their core files this can leak more sensitive information than typical programs.
Solution
solaris-check-coreadm
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.