Note: This is an archival copy of Security Sun Alert 200026 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000021.1.
Article ID : 1000021.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

CVS Versions on all Sun Cobalt Legacy Products and Sun Linux 5.0.3 are Vulnerable to a "Double Free" Vulnerability



Category
Security

Release Phase
Resolved

Bug Id
4805870

Date of Workaround Release
05-FEB-2003

Date of Resolved Release
06-MAY-2003

Sun Cobalt Legacy products and Sun Linux 5.0.3 systems ...

1. Impact

A remote unprivileged user may be able to execute arbitrary code on Sun Cobalt Legacy products and Sun Linux 5.0.3 systems acting as Concurrent Versions System (CVS) servers with the privileges of the CVS server process due to a "double-free" vulnerability in the CVS server. The CVS server process normally runs with root privileges.

For more information:


2. Contributing Factors

This issue can occur in the following releases:

Sun Cobalt

  • Sun Cobalt RaQ 2
  • Sun Cobalt RaQ 3
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Cobalt CacheRaQ 3
  • Sun Cobalt CacheRaQ 4
  • Sun Cobalt Qube 2
  • Sun Cobalt Qube 3

Sun Linux

  • Sun LX50 (Sun Linux 5.0.3)

3. Symptoms

There are no reliable symptoms that would show the described issue has been exploited.


4. Workaround

To work around the issue, disable the CVS server. Since Sun Cobalt products do not ship with CVS enabled and there is no standard startup script, the administrator of the host must determine where the CVS server is started and disable it.
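
One way to locate where the CVS server is started, as an added example that is not part of the original advisory. It assumes CVS is launched from inetd, xinetd or an rc script as "cvs ... pserver" or service "cvspserver"; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Assumption (not stated in the advisory): the CVS server is launched from
# inetd, xinetd or an rc script as "cvs ... pserver" / service "cvspserver".

# find_cvs_launch [ROOT]: print "file:line:text" for each active
# (uncommented) line under ROOT/etc that would start a CVS server.
# ROOT is empty for the live system, or a directory holding a copy of /etc.
find_cvs_launch() {
    root="${1:-}"
    for f in "$root/etc/inetd.conf" "$root"/etc/xinetd.d/* \
             "$root/etc/rc.d/rc.local" "$root"/etc/rc.d/init.d/*; do
        [ -f "$f" ] || continue
        case "$f" in
        */xinetd.d/*)
            # An xinetd service with "disable = yes" is already switched off.
            if grep -qE '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
                continue
            fi ;;
        esac
        grep -n -v '^[[:space:]]*#' "$f" |
            grep -E 'cvspserver|cvs[[:space:]].*[pk]server' |
            sed "s|^|$f:|"
    done
    return 0
}

# make_sample_root: build a constructed /etc tree (sample data, not taken
# from the advisory) and print its path.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/xinetd.d" "$d/etc/rc.d" || return 1
    printf '%s\n' \
        '# cvspserver stream tcp nowait root /usr/bin/cvs cvs pserver' \
        'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd' \
        'cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/cvs pserver' \
        > "$d/etc/inetd.conf"
    printf '%s\n' 'service cvspserver' '{' '    disable = yes' \
        '    server = /usr/bin/cvs' '}' > "$d/etc/xinetd.d/cvspserver"
    printf '%s\n' '#!/bin/sh' 'touch /var/lock/subsys/local' \
        > "$d/etc/rc.d/rc.local"
    echo "$d"
}

# Demo on the constructed tree; call find_cvs_launch with no argument
# to scan the live system instead.
sample=$(make_sample_root) && find_cvs_launch "$sample" && rm -rf "$sample"
```

Comment out each reported line (or set "disable = yes" in the xinetd service file) and have inetd or xinetd re-read its configuration.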


5. Resolution

This issue is addressed in the following releases:

Sun Linux

Instructions for downloading the above packages can be found in MyOracleSupport.

Product
Sun Cobalt RaQ 4 Server

Modification History
06-MAY-2003: Updated Resolution section. Resolved.

Attachments
This solution has no attachment