Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Common Desktop Environment 1.0
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4788209
Date of Resolved Release
05-DEC-2003
Impact
A local user may be able to execute arbitrary code or commands with the privileges of the dtprintinfo(1) CDE Print Viewer. The dtprintinfo(1) CDE Print Viewer runs with root privileges.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 2.6 without patch 106437-04
- Solaris 7 without patch 107885-09
- Solaris 8 without patch 110335-03
- Solaris 9 without patch 114495-01
x86 Platform
- Solaris 2.6 without patch 106438-04
- Solaris 7 without patch 107886-09
- Solaris 8 without patch 110336-03
- Solaris 9 without patch 114496-01
Symptoms
There are no predictable symptoms that show this issue has been exploited.
Workaround
To work around the described issue, as root, turn off the set-user-ID ("setuid") bit on dtprintinfo, as shown below:
# chmod 0555 /usr/dt/bin/dtprintinfo
This will cause dtprintinfo to lose the ability to display local print jobs.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 2.6 with patch 106437-04 or later
- Solaris 7 with patch 107885-09 or later
- Solaris 8 with patch 110335-03 or later
- Solaris 9 with patch 114495-01 or later
x86 Platform
- Solaris 2.6 with patch 106438-04 or later
- Solaris 7 with patch 107886-09 or later
- Solaris 8 with patch 110336-03 or later
- Solaris 9 with patch 114496-01 or later
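The following check is an added example, not part of the original advisory: it reports whether a host has the fixing patch at the required revision or later, or otherwise whether the setuid workaround is in place. It assumes `showrev -p` lists patches on lines beginning `Patch: <id>-<rev>` and a POSIX awk (on Solaris, nawk or /usr/xpg4/bin/awk); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a host against this advisory's two conditions.
# Assumption: `showrev -p` prints lines of the form "Patch: <id>-<rev> ...".

DTPRINTINFO=/usr/dt/bin/dtprintinfo   # path from the advisory's workaround

# patch_ok MIN -- reads `showrev -p` output on stdin; succeeds when a patch
# with the same base ID as MIN and a revision >= MIN's revision is listed.
patch_ok() {
    awk -v min="$1" '
        BEGIN { split(min, m, "-"); found = 0 }
        $1 == "Patch:" {
            split($2, p, "-")
            # Compare revisions numerically so "09" and "10" order correctly.
            if (p[1] == m[1] && p[2] + 0 >= m[2] + 0) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# setuid_cleared FILE -- succeeds when FILE is absent or has no setuid bit.
setuid_cleared() {
    [ ! -u "$1" ]
}

# Constructed sample of `showrev -p` output; package names and the
# 999999-01 patch ID are placeholders.
SAMPLE_SHOWREV='Patch: 110335-02 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_A
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_B
Patch: 114495-03 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_A'

# report MIN FILE -- prints the live host's status for one release/platform.
report() {
    if showrev -p 2>/dev/null | patch_ok "$1"; then
        echo "patched: $1 or later is installed"
    elif setuid_cleared "$2"; then
        echo "workaround: setuid bit is off on $2"
    else
        echo "EXPOSED: $1 is missing and $2 is setuid"
    fi
}

# Example for Solaris 8 on SPARC; use the patch ID for your release/platform.
# report 110335-03 "$DTPRINTINFO"
```

The workaround branch matters after patching too: a later `chmod` or package reinstall can restore the setuid bit, so the patch check is evaluated first and independently of the file mode.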
Modification History
References
106437-04
106438-04
107885-09
107886-09
110335-03
110336-03
114495-01
114496-01
Attachments
This solution has no attachment