Note: This is an archival copy of Security Sun Alert 200026 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000021.1.

Category: Security
Release Phase: Resolved
4805870
Date of Workaround Release: 05-FEB-2003
Date of Resolved Release: 06-MAY-2003

Sun Cobalt Legacy products and Sun Linux 5.0.3 systems ...

1. Impact

A remote unprivileged user may be able to execute arbitrary code on Sun Cobalt Legacy products and Sun Linux 5.0.3 systems acting as Concurrent Versions System (CVS) servers, with the privileges of the CVS server process, due to a "double-free" vulnerability in the CVS server. The CVS server process normally runs with root privileges.

For more information:

2. Contributing Factors

This issue can occur in the following releases:

Sun Cobalt

Sun Linux

3. Symptoms

There are no reliable symptoms that would show the described issue has been exploited.

4. Workaround

To work around the issue, disable the CVS server. Since Sun Cobalt products do not ship with CVS enabled and there is no standard startup script, the administrator of the host must determine where the CVS server is started and disable it.
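
One way to look for where a CVS server is started, as an added example that is not part of the Sun advisory: it assumes the server runs in pserver mode from inetd or xinetd, which is only one possible arrangement. The sample configuration files and their paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find where a CVS server is started from inetd or xinetd.
# File names and sample contents below are constructed assumptions.

# inetd.conf style: one service per line; a leading '#' means already disabled.
scan_inetd() {
    awk '$1 ~ /^#/ { next }
         $1 == "cvspserver" || $1 == "2401" || /pserver/ {
             printf "%s:%d: %s\n", FILENAME, FNR, $0 }' "$@"
}

# xinetd style: a service block is active unless it sets "disable = yes".
scan_xinetd() {
    awk '$1 ~ /^#/ { next }
         $1 == "service" { name = $2; cvs = 0; off = 0 }
         /cvs/ { cvs = 1 }
         /disable[ \t]*=[ \t]*yes/ { off = 1 }
         $1 == "}" { if (cvs && !off) printf "%s: service %s enabled\n", FILENAME, name
                     cvs = 0; off = 0 }' "$@"
}

# Build constructed sample configs in a temp dir and scan them.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/cvs pserver
cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/srv/cvs pserver
EOF
    cat > "$d/cvs-on" <<'EOF'
service cvspserver
{
    disable = no
    user    = root
    server  = /usr/bin/cvs
    server_args = --allow-root=/srv/cvs pserver
}
EOF
    sed 's/disable = no/disable = yes/' "$d/cvs-on" > "$d/cvs-off"
    (cd "$d" && scan_inetd inetd.conf && scan_xinetd cvs-on cvs-off)
    rm -rf "$d"
}

demo
```

On a real host the two functions would be pointed at the system's own inetd and xinetd configuration files; an entry they report is a candidate to comment out or set to `disable = yes` before reloading the daemon.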

5. Resolution

This issue is addressed in the following releases:

Sun Linux

Instructions for downloading the above packages can be found in .

Product: Sun Cobalt RaQ 4 Server

Modification History

06-MAY-2003: Updated Resolution section. Resolved.

Attachments: This solution has no attachment