Note: This is an archival copy of Security Sun Alert 200292 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000218.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
4705899, 4705911, 4704812, 4704824
Date of Resolved Release
Security vulnerabilities exist in the Solaris lpstat(1) command and the libprint library, the most serious of which may allow an unprivileged local user to gain root access to the system. Local unprivileged users may also be able to view, create or overwrite any file on the system.
This issue can occur in the following releases:
This issue only occurs if one of the following packages are installed:
There are no predictable symptoms that would show one of the described issues have been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Note: Some of the four issues were addressed in earlier versions of the patches 113329-02, 114980-02 and 106235-14.
This solution has no attachment