Note: This is an archival copy of Security Sun Alert 200199 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000151.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the authentication mechanism for Solaris Management Console (SMC) may allow a local or remote authenticated user to gain unauthorized root access to a Solaris system.
Sun acknowledges with thanks, Adam Gowdiak for bringing this issue to our attention.
This issue can occur in the following releases:
Note: The described issue will only occur if the Solaris Management Console (SMC) is running on the system.
To determine if SMC is running on a system, the following command can be run (as 'root' on Solaris 8 and 9 systems and as any user on Solaris 10 systems):
for Solaris 8:
# /etc/init.d/init.wbem status Solaris Management Console server not running on port 898
for Solaris 9:
# /etc/init.d/init.wbem status Solaris Management Console server version 2.1.0 running on port 898
for Solaris 10:
$ svcs svc:/application/management/wbem STATE STIME FMRI online Apr_12 svc:/application/management/wbem:default
There are no predictable symptoms that would indicate the described issue has been exploited to gain unauthorized root access on a system.
To prevent this issue from occurring until the resolution patches can be applied, the SMC server can be stopped by issuing the following command as 'root' (note that this will remove the functionality of the SMC service on that host):
For Solaris 8 and 9:
# /etc/init.d/init.wbem stop
For Solaris 10:
# svcadm disable svc:/application/management/wbem
This issue is addressed in the following releases:
This solution has no attachment