Note: This is an archival copy of Security Sun Alert 200211 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000162.1.
Article ID : 1000162.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-23
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

The Solaris Management Console (SMC) Enables TRACE HTTP by Default



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
5090761

Impact

The Solaris Management Console (smc(1M)) is a graphical user interface that provides access to Solaris system administration tools and includes a web server that listens on port 898. This SMC web server enables the HTTP TRACE method by default, which may allow a local or remote unprivileged user to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of an HTTP TRACE request.

This issue is described in the CERT Vulnerability VU#867593 (see http://www.kb.cert.org/vuls/id/867593).

Note: The HTTP TRACE method asks a web server to echo the contents of the request back to the client for debugging purposes. The HTTP TRACE method is described in the HTTP 1.1 standard (RFC 2616, section 9.8). The TRACE method is enabled by default in the Solaris Management Console (SMC) web server.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 111313-03
  • Solaris 9 without patch 116807-02
  • Solaris 10 without patch 121308-01

x86 Platform

  • Solaris 8 without patch 111314-03
  • Solaris 9 without patch 116808-02
  • Solaris 10 without patch 121309-01

The described issue only occurs if the Solaris Management Console (smc(1M)) is running on the system.

This can be determined by running the following command as the "root" user. The output indicates whether the server is stopped:

    # /etc/init.d/init.wbem status
    Solaris Management Console server not running on port 898

or running:

    # /etc/init.d/init.wbem status
    Solaris Management Console server version 2.1.0 running on port 898
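
As an added example (not part of the Sun Alert), a POSIX sh script that applies the advisory's two conditions, the SMC server running on port 898 and the per-release patch missing, to the text produced by init.wbem status and by showrev -p. The patch IDs are the ones listed in this alert; the sample command outputs and package names are constructed.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: decide whether a host is exposed to the SMC
# TRACE issue from the init.wbem status text and the installed patch list (showrev -p).

# Patch that resolves the issue for a Solaris release (8, 9, 10) and arch (sparc, i386).
required_patch() {
  case "$1/$2" in
    8/sparc)  echo 111313-03 ;;  9/sparc)  echo 116807-02 ;;  10/sparc) echo 121308-01 ;;
    8/i386)   echo 111314-03 ;;  9/i386)   echo 116808-02 ;;  10/i386)  echo 121309-01 ;;
    *) return 1 ;;
  esac
}

# True when the init.wbem status line says the SMC server is up on port 898.
# "not running" must be tested first: that line also contains "running on port 898".
smc_running() {
  case "$1" in
    *"not running"*)         return 1 ;;
    *"running on port 898"*) return 0 ;;
    *)                       return 1 ;;
  esac
}

# True when showrev -p output ($1) lists patch $2 at the same or a later revision,
# e.g. 111313-04 satisfies a requirement of "111313-03 or later".
patch_applied() {
  printf '%s\n' "$1" | awk -v base="${2%-*}" -v need="${2#*-}" '
    $1 == "Patch:" { split($2, p, "-"); if (p[1] == base && p[2] + 0 >= need + 0) ok = 1 }
    END { exit !ok }'
}

# Verdict for release/arch given the two command outputs. Exposure needs both
# conditions the advisory states: SMC running and the patch missing.
assess() {
  req=$(required_patch "$1" "$2") || { echo "unknown release/arch $1/$2"; return 0; }
  if ! smc_running "$3"; then echo "not exposed: smc not running"
  elif patch_applied "$4" "$req"; then echo "not exposed: patch $req present"
  else echo "exposed: smc running and patch $req missing"; fi
}

# Constructed sample outputs, not captured from a real host.
STATUS_RUNNING='Solaris Management Console server version 2.1.0 running on port 898'
STATUS_STOPPED='Solaris Management Console server not running on port 898'
SHOWREV_OLD='Patch: 111313-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWmc'
SHOWREV_NEW='Patch: 108528-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 111313-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWmc'
assess 8 sparc "$STATUS_RUNNING" "$SHOWREV_OLD"   # exposed: smc running and patch 111313-03 missing
assess 8 sparc "$STATUS_RUNNING" "$SHOWREV_NEW"   # not exposed: patch 111313-03 present
assess 8 sparc "$STATUS_STOPPED" "$SHOWREV_OLD"   # not exposed: smc not running
```

On a live host, pass the output of /etc/init.d/init.wbem status and of showrev -p as the third and fourth arguments, with the release taken from uname -r (5.8 is Solaris 8) and the architecture from uname -p.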

Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


Workaround

The TRACE method cannot be turned off. To work around this issue until patches can be applied, sites may disable the Solaris Management Console (smc(1M)) by running the following commands as the root user:

To stop the running of the smc(1M) server:

    # /etc/init.d/init.wbem stop

To prevent the smc(1M) server from starting upon successive reboots:

    # mv /etc/rc2.d/S90wbem /etc/rc2.d/disabled-S90wbem
Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 111313-03 or later
  • Solaris 9 with patch 116807-02 or later
  • Solaris 10 with patch 121308-01 or later

x86 Platform

  • Solaris 8 with patch 111314-03 or later
  • Solaris 9 with patch 116808-02 or later
  • Solaris 10 with patch 121309-01 or later


Modification History
Date: 28-NOV-2005
  • Updated Contributing Factors and Resolution sections

Date: 23-DEC-2005
  • State: Resolved
  • Updated Contributing Factors and Relief/Workaround sections


References

116807-02
116808-02
121308-01
121309-01
111313-03
111314-03
