Note: This is an archival copy of Security Sun Alert 200250 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000197.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the "/lib/svc/method/net-svc" script may allow a remote privileged user the ability to execute arbitrary code with "root" privileges on a "DHCP" client system if the remote user has access to a system within the network or subnet which is used by the host for "DHCP" requests.
This issue can occur in the following releases:
Note: Solaris 8, and Solaris 9 are not impacted by this issue.
Only systems configured as a "DHCP" client are vulnerable to this issue. If a system is configured as a "DHCP" client, the "netstat -D" command will produce output similar to the following:
# netstat -D Interface State Sent Recv Declined Flags bge0 BOUND 1 1 0 (Began, Expires, Renew) = (08/15/2005 16:00, 08/15/2005 20:00, 08/15/2005 17:57)
There are no predictable symptoms that would indicate the described issue has occurred.
To prevent the described issue from occurring until patches can be applied, the following workaround can be used:
1. Use the sys-unconfig(1M)command to unconfigure the system.
2. On the subsequent reboot, configure the system to use a "static IP" address instead of "DHCP".
This issue is addressed in the following releases:
This solution has no attachment