Note: This is an archival copy of Security Sun Alert 200064 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000048.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the logging mechanism for Solaris Management Console (SMC) may allow a local or remote unprivileged user to gain unauthorized root access to a Solaris system.
Sun acknowledges with thanks, Adam Gowdiak for bringing this issue to our attention.
This issue can occur in the following releases:
Note: The described issue only occurs if the SMC server is running on the system.
To determine if SMC is running on a system, the following command can be run (as 'root' on Solaris 8 and 9 systems and as any user on Solaris 10 systems):
for Solaris 8:
# /etc/init.d/init.wbem status Solaris Management Console server not running on port 898
for Solaris 9:
# /etc/init.d/init.wbem status Solaris Management Console server version 2.1.0 running on port 898
for Solaris 10:
$ svcs svc:/application/management/wbem STATE STIME FMRI online Apr_12 svc:/application/management/wbem:default
There are no predictable symptoms that would indicate the described issue has been exploited to gain unauthorized root access on a system.
To prevent this issue from occurring until the resolution patches can be applied, the SMC server can be stopped by issuing the following command as 'root' (note that this will remove the functionality of the SMC service on that host):
for Solaris 8 or 9:
# /etc/init.d/init.wbem stop
for Solaris 10:
# svcadm disable svc:/application/management/wbem
This solution has no attachment