https://www.exploit-db.com/exploits/19232
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-015

Solaris的arp存在漏洞。本地用户通过-f参数读取文件，该参数能够列出文件中不能正确解析的行。

source: http://www.securityfocus.com/bid/291/info

The version of arp(8c) which shipped with versions of SunOs 4.1.X could be used to dump system memory by using the -f flag. This flag causes the file filename to be read and multiple entries to be set in the ARP tables. However, in this instance because of poor permission sets on /dev/kmem a user can specify the file to be read as /dev/kmem and therefore gain a dump of currently paged system memory. This could lead to a root compromise. 


$ arp -f /dev/kmem | strings > mem

来源:BID
名称:837
链接:http://www.securityfocus.com/bid/837
来源:OSVDB
名称:6994
链接:http://www.osvdb.org/6994