Note: This is an archival copy of Security Sun Alert 200453 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000334.1.
Article ID : 1000334.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-02-14
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in rm(1) may Lead to Unauthorized Deletion of Files or Directories



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6399959

Date of Resolved Release
08-FEB-2007

Impact

A race condition vulnerability in the handling of recursive directory deletion by the rm(1) command, when invoked with either the "-r" or "-R" option, may lead to the deletion of files or directories outside the directory hierarchy given as the argument. An unprivileged user may exploit this vulnerability by creating a specially crafted directory hierarchy which, when deleted by a privileged user using the rm(1) command, may lead to the deletion of system files and directories, causing a Denial of Service (DoS) condition.

Sun acknowledges, with thanks, Jim Meyering <jim@meyering.net> for bringing this issue to our attention.
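The defensive check that closes this class of race, as an added example that is not Sun's code or the content of the listed patches: a chdir()-based recursive delete that records the device and inode of each directory before descending and refuses to continue if, after climbing back to "..", it is no longer in that same directory. The function names remove_tree and empty_cwd are assumed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Delete everything inside the current directory, descending with chdir() the way a
 * classic recursive rm does, but checking every return to ".." by device and inode. */
static int empty_cwd(void) {
    struct stat self, back, st;
    if (stat(".", &self) != 0) return -1;           /* identity of the directory we are in */
    for (;;) {
        DIR *d = opendir(".");                       /* re-opened each pass so deletions cannot confuse readdir() */
        if (d == NULL) return -1;
        struct dirent *e;
        while ((e = readdir(d)) != NULL && (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")))
            ;
        if (e == NULL) { closedir(d); return 0; }    /* directory is now empty */
        char name[256];
        snprintf(name, sizeof name, "%s", e->d_name);
        closedir(d);
        if (lstat(name, &st) != 0) return -1;
        if (!S_ISDIR(st.st_mode)) {                  /* file or symlink: unlink it, never follow it */
            if (unlink(name) != 0) return -1;
            continue;
        }
        if (chdir(name) != 0) return -1;
        int rc = empty_cwd();
        /* The check that closes the race: after climbing out we must be in the exact directory
         * we descended from. If the subtree was moved elsewhere meanwhile, we are not: stop. */
        if (chdir("..") != 0 || stat(".", &back) != 0) return -1;
        if (back.st_dev != self.st_dev || back.st_ino != self.st_ino) {
            fprintf(stderr, "%s: directory changed during deletion, aborting\n", name);
            return -1;
        }
        if (rc != 0 || rmdir(name) != 0) return -1;
    }
}
/* Remove `path` and its subtree: 0 on success, -1 on error or tampering; the caller's cwd is restored. */
int remove_tree(const char *path) {
    int origin = open(".", O_RDONLY);
    if (origin < 0) return -1;
    int rc = (chdir(path) == 0 && empty_cwd() == 0) ? 0 : -1;
    if (fchdir(origin) != 0) rc = -1;
    close(origin);
    return (rc == 0 && rmdir(path) == 0) ? 0 : -1;
}
```

A mismatch makes the tool stop with an error rather than continue deleting wherever ".." now leads, which is the behaviour the patched rm(1) must provide.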

Additional information regarding this issue can be found at:


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 124969-01
  • Solaris 9 without patch 123372-02
  • Solaris 10 without patch 124244-01

x86 Platform

  • Solaris 8 without patch 124970-01
  • Solaris 9 without patch 123373-02
  • Solaris 10 without patch 124245-01

Symptoms

There are no predictable symptoms that would indicate the issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 124969-01 or later
  • Solaris 9 with patch 123372-02 or later
  • Solaris 10 with patch 124244-01 or later

x86 Platform

  • Solaris 8 with patch 124970-01 or later
  • Solaris 9 with patch 123373-02 or later
  • Solaris 10 with patch 124245-01 or later


Modification History
Date: 15-FEB-2007
  • Updated Impact section


References

123372-02
123373-02
124969-01
124970-01
124244-01
124245-01



