Note: This is an archival copy of Security Sun Alert 200299 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000224.1.
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the multilanguage environment library, "libmle" (shipped with the Japanese locale) may allow a local unprivileged user to be able to execute arbitrary code or commands with elevated privileges. The code or commands executed by the user would run with the privileges of the application dynamically linked to the libmle library.
This issue can occur in the following releases:
To check if the SUNWjbcp package is installed, the following command can be run:
$ pkginfo SUNWjbcp system SUNWjbcp Japanese (EUC) SunOS 4.x Binary Compatibility
To check if "/usr/4lib/libmle.so" is a link to the Japanese BCP libmle library, the "file -h" command can be run as in the following example:
$ file -h /usr/4lib/libmle.so* /usr/4lib/libmle.so.1.4: symbolic link to locale/ja/libmle.so.1.4
To check if an application is linked with the BCP libmle library, the ldd(1) command can be used. In the output, a line listing "/usr/4lib/libmle.so" indicates that the application uses the BCP libmle library and is a BCP application.
To check if the kkcv or ccv processes are running, both of which can be vulnerable to this issue, the following command can be run:
$ ps -fe | egrep 'kkcv|ccv'
There are no symptoms that would indicate the described issue has been exploited to gain unauthorized root access to a system.
If programs that are compiled on Japanese SunOS 4.x will not be used on the system, the SUNWjbcp package can be removed with the following command:
# pkgrm SUNWjbcp
This issue is addressed in the following releases:
This solution has no attachment