Note: This is an archival copy of Security Sun Alert 200176 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000130.1.
Article ID : 1000130.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-02-27
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Solaris admintool(1M) Media Installation Path Buffer Overflow



Category
Security

Release Phase
Resolved

Product
Solaris 2.5.1
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4447234

Date of Workaround Release
09-MAY-2002

Date of Resolved Release
28-FEB-2003

Impact

Unprivileged local users may be able to gain unauthorized root access due to a buffer overflow in admintool(1M).

This issue is described in the following eSecurityOnline bulletin:

	http://www.eSecurityOnline.com/advisories/eSO4123.asp


Contributing Factors

This issue can occur in the following releases:

SPARC Platforms

  • Solaris 2.5.1
  • Solaris 2.6 without patch 105800-08
  • Solaris 7 without patch 108721-05
  • Solaris 8 without patch 110453-04

x86 Platforms

  • Solaris 2.5.1
  • Solaris 2.6 without patch 105801-08
  • Solaris 7 without patch 108722-05
  • Solaris 8 without patch 110454-04

Note: Solaris 9 is not affected by this issue.


Symptoms

There are no symptoms that would indicate that the described problem has been exploited to gain unauthorized root access to a host.


Workaround

As a workaround, remove the setuid bit from the admintool file by doing the following:

	# chmod u-s /usr/bin/admintool

Note: This will prevent non-root users from successfully executing admintool(1M) tasks on the system.


Resolution

This issue is addressed in the following releases:

SPARC Platforms

  • Solaris 2.6 with patch 105800-08 or later
  • Solaris 7 with patch 108721-05 or later
  • Solaris 8 with patch 110453-04 or later

x86 Platforms

  • Solaris 2.6 with patch 105801-08 or later
  • Solaris 7 with patch 108722-05 or later
  • Solaris 8 with patch 110454-04 or later

Note: Solaris 2.5.1 requires an upgrade to a later release.
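
The following script is an added example, not part of the original Sun Alert: it checks a host against the patch levels in the Resolution section and the setuid workaround above. It assumes a POSIX shell, `uname -r`/`uname -p` values of the form 5.x and sparc/i386, and `showrev -p` lines beginning `Patch: <id>`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Sun Alert); patch IDs are the advisory's, names are hypothetical.

# required_patch RELEASE ARCH: print the fixing patch for `uname -r`/`uname -p`.
required_patch() {
    case "$1/$2" in
        5.5.1/*)   echo upgrade ;;        # no patch: upgrade to a later release
        5.6/sparc) echo 105800-08 ;;
        5.7/sparc) echo 108721-05 ;;
        5.8/sparc) echo 110453-04 ;;
        5.6/i386)  echo 105801-08 ;;
        5.7/i386)  echo 108722-05 ;;
        5.8/i386)  echo 110454-04 ;;
        5.9/*)     echo not-affected ;;
        *)         echo unknown ;;
    esac
}

# patch_installed ID-REV: read `showrev -p` style lines on stdin; succeed if
# the same patch base is listed at revision REV or later.
patch_installed() {
    need_base=${1%-*}; need_rev=${1#*-}
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%-*}" = "$need_base" ] || continue
        [ "${id#*-}" -ge "$need_rev" ] 2>/dev/null && return 0
    done
    return 1
}

# assess RELEASE ARCH BINARY: print patched, mitigated (setuid bit not set),
# vulnerable, not-affected or unknown. The patch list is read from stdin.
assess() {
    need=$(required_patch "$1" "$2")
    case "$need" in not-affected|unknown) echo "$need"; return 0 ;; esac
    if [ "$need" != upgrade ] && patch_installed "$need"; then
        echo patched
    elif [ -u "$3" ]; then
        echo vulnerable
    else
        echo mitigated
    fi
}

# Run only where showrev exists (Solaris); elsewhere the functions are just defined.
if command -v showrev >/dev/null 2>&1; then
    showrev -p | assess "$(uname -r)" "$(uname -p)" /usr/bin/admintool
fi
```

The check matches only the patch IDs named in this alert, so a fix delivered under a different patch ID is not recognised.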



Modification History
Date: 28-FEB-2003
  • State: Resolved (and Closed)
  • Updated Contributing Factors and Resolution sections



References

110454-04
108722-05
108721-05
105800-08
110453-04
105801-08



