Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4705899, 4705911, 4704812, 4704824
Date of Resolved Release12-DEC-2003
Impact
Security vulnerabilities exist in the Solaris lpstat(1) command and the libprint library, the most serious of which may allow an unprivileged local user to gain root access to the system. Local unprivileged users may also be able to view, create or overwrite any file on the system.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 2.6 without patch 106235-14
-
Solaris 7 without patch 107115-13
-
Solaris 8 without patch 109320-07
-
Solaris 9 without patch 113329-02
x86 Platform
-
Solaris 2.6 without patch 106236-13
-
Solaris 7 without patch 107116-13
-
Solaris 8 without patch 109321-07
-
Solaris 9 without patch 114980-02
This issue only occurs if one of the following packages are installed:
-
SUNWpcr
-
SUNWpcu
-
SUNWpsr
-
SUNWpsu
Symptoms
There are no predictable symptoms that would show one of the described issues have been exploited.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 2.6 with patch 106235-14 or later
-
Solaris 7 with patch 107115-13 or later
-
Solaris 8 with patch 109320-07 or later
-
Solaris 9 with patch 113329-02 or later
x86 Platform
-
Solaris 2.6 with patch 106236-13 or later
-
Solaris 7 with patch 107116-13 or later
-
Solaris 8 with patch 109321-07 or later
-
Solaris 9 with patch 114980-02 or later
Note: Some of the four issues were addressed in earlier versions of the patches 113329-02, 114980-02 and 106235-14.
Modification History
Date: 23-DEC-2003
-
Updated Contributing Factors
References
106235-14
107115-13
109320-07
113329-02
106236-13
107116-13
109321-07
114980-02
AttachmentsThis solution has no attachment