Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4705393
Date of Resolved Release16-MAR-2005
Impact
A buffer overflow in newgrp(1) may allow a local unprivileged user the ability to gain root privileges.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 7 without patch 118737-01
-
Solaris 8 without patch 116993-01
-
Solaris 9 without patch 117445-01
x86 Platform
-
Solaris 7 without patch 118738-01
-
Solaris 8 without patch 116994-01
-
Solaris 9 without patch 117446-01
Note: Solaris 10 is not affected by this issue.
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
Workaround
To work around the described issue, sites may wish to remove the "setuid" permissions from the newgrp(1) utility until patches can be applied to the system. This can be done by issuing the following command:
# chmod u-s /usr/bin/newgrp
Note: Removing the set-user-ID bit from the newgrp(1) utility will prevent unprivileged users from using the newgrp(1) command.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 7 with patch 118737-01 or later
-
Solaris 8 with patch 116993-01 or later
-
Solaris 9 with patch 117445-01 or later
x86 Platform
-
Solaris 7 with patch 118738-01 or later
-
Solaris 8 with patch 116994-01 or later
-
Solaris 9 with patch 117446-01 or later
Modification History
References
116994-01
116993-01
117445-01
117446-01
118738-01
118737-01
AttachmentsThis solution has no attachment