Note: This is an archival copy of Security Sun Alert 200488 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000366.1.
Solaris PC NetLink 2.0
Date of Resolved Release
A security vulnerability in the "/etc/init.d/slsadmin" script in PC NetLink 2.0 may allow files to be opened insecurely, which could allow an unprivileged local user to write to the filesystem with the permissions of the user running "slsadmin". If "slsadmin" is run as "root", a local unprivileged user may be able to gain elevated privileges on the system and run arbitrary commands.
This issue can occur in the following release:
To determine the version of PC NetLink on a system, the following command can be run:
    $ /opt/lanman/bin/net version
    Solaris (TM) PC NetLink, Version 2.0,REV=2.0.xx UNIX Systems Server
To determine if the SUNWlzas package (for slsadmin) is installed on a system, the following command can be run:
    $ pkginfo -l SUNWlzas
       PKGINST:  SUNWlzas
          NAME:  Solaris (TM) PC NetLink Adm Srv
      CATEGORY:  system
          ARCH:  sparc
       VERSION:  2.0,REV=rr24
       BASEDIR:  /
        VENDOR:  Sun Microsystems, Inc.
          DESC:  Solaris (TM) PC NetLink Administration Server
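The two checks above can be combined into one inventory test run over captured command output. This is an added example, not part of the original Sun Alert; the function names are hypothetical, the sample text is constructed from the output shown above, and because this copy does not list revisions, the match is made on product version 2.0 only.

```shell
#!/bin/sh
# Added example: decide whether a host matches this advisory from the
# captured output of `net version` and `pkginfo -l SUNWlzas`.
# Sample text is constructed from the output quoted in the advisory.
SAMPLE_NET_VERSION='Solaris (TM) PC NetLink, Version 2.0,REV=2.0.xx UNIX Systems Server'
SAMPLE_PKGINFO='   PKGINST:  SUNWlzas
      NAME:  Solaris (TM) PC NetLink Adm Srv
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  2.0,REV=rr24
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  Solaris (TM) PC NetLink Administration Server'

# Print the product version (e.g. "2.0") found in `net version` output.
netlink_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*PC NetLink, Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print one field (e.g. VERSION) from `pkginfo -l` output, trimmed.
pkginfo_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); print line; exit
        }'
}

# Return 0 when the host runs PC NetLink 2.0 and has SUNWlzas installed.
# Assumption: any 2.0 revision counts, since no revision list is given here.
advisory_applies() {
    [ "$(netlink_version "$1")" = "2.0" ] &&
        [ "$(pkginfo_field PKGINST "$2")" = "SUNWlzas" ]
}

# Demo on the constructed sample. On a live host, pass instead:
#   "$(/opt/lanman/bin/net version 2>/dev/null)" "$(pkginfo -l SUNWlzas 2>/dev/null)"
if advisory_applies "$SAMPLE_NET_VERSION" "$SAMPLE_PKGINFO"; then
    echo "PC NetLink 2.0 with SUNWlzas" \
         "$(pkginfo_field VERSION "$SAMPLE_PKGINFO") installed: see Resolution"
else
    echo "Host does not match this advisory"
fi
```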
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following release: