Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4705157
Date of Resolved Release
06-DEC-2004
Impact
A security vulnerability in the in.rwhod(1M) daemon may allow a remote privileged user to execute arbitrary code with "root" privileges when the in.rwhod(1M) daemon is enabled on the system.
Note: in.rwhod(1M) is not enabled by default.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 7 without patch 118239-01
- Solaris 8 without patch 116984-01
- Solaris 9 without patch 117455-01
x86 Platform
- Solaris 7 without patch 118240-01
- Solaris 8 without patch 116985-01
- Solaris 9 without patch 117456-01
A system is vulnerable to this issue only if the in.rwhod(1M) daemon is enabled. This can be determined with the pgrep(1) command, which generates output only if the daemon is enabled, as in the following example:
$ pgrep -lf in.rwhod
17157 /usr/sbin/in.rwhod -m
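The two conditions above (fixing patch absent, daemon enabled) can be checked together. The following POSIX sh functions are an added example, not part of the original advisory; the function names and the sample data are constructed for illustration. They assume that uname -r and uname -p report 5.7 to 5.9 and sparc or i386, and that showrev -p prints lines of the form "Patch: <id>-<rev> ...".

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Constructed sample of `showrev -p` output; revision and package are made up.
SAMPLE_SHOWREV='Patch: 116984-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'

# required_patch <uname -r> <uname -p>: fixing patch listed in the advisory.
required_patch() {
    case "$1/$2" in
        5.7/sparc) echo 118239-01 ;;
        5.8/sparc) echo 116984-01 ;;
        5.9/sparc) echo 117455-01 ;;
        5.7/i386)  echo 118240-01 ;;
        5.8/i386)  echo 116985-01 ;;
        5.9/i386)  echo 117456-01 ;;
        *) return 1 ;;
    esac
}

# patch_installed <id-rev>: reads `showrev -p` text on stdin and succeeds if
# that patch ID is present at the given revision or later. Patches that
# obsolete the listed one are not recognised.
patch_installed() {
    awk -v base="${1%-*}" -v min="${1#*-}" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# rwhod_status <release> <platform> <showrev -p text> <pgrep -lf text>
rwhod_status() {
    need=`required_patch "$1" "$2"` || { echo "not-listed"; return 0; }
    if printf '%s\n' "$3" | patch_installed "$need"; then
        echo "patched"
    elif [ -n "$4" ]; then
        echo "vulnerable"            # unpatched and in.rwhod is running
    else
        echo "unpatched-not-running" # exposed as soon as in.rwhod is started
    fi
}

# On a live host:
# rwhod_status "`uname -r`" "`uname -p`" "`showrev -p`" "`pgrep -lf in.rwhod`"
```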
Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
Workaround
To work around the described issue, in.rwhod(1M) can be disabled by running the following command:
# pkill in.rwhod
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 7 with patch 118239-01 or later
- Solaris 8 with patch 116984-01 or later
- Solaris 9 with patch 117455-01 or later
x86 Platform
- Solaris 7 with patch 118240-01 or later
- Solaris 8 with patch 116985-01 or later
- Solaris 9 with patch 117456-01 or later
Modification History
References
118239-01
118240-01
116984-01
116985-01
117455-01
117456-01
Attachments
This solution has no attachment