Note: This is an archival copy of Security Sun Alert 200509 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000387.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
Local unprivileged users may be able to start processes on non-privileged network ports. By "stealing" the port, these processes may act as modified or "trojaned" versions of the service that typically runs on that port. This condition could lead to service disruption, a sensitive information leak, or possible compromise of remote systems.
Note: This issue only applies to network services which run on non-privileged ports such as NFS or NIS, and network server systems which allow user logins.
This issue can occur in the following releases:
Note: Solaris 7 and Solaris 10 are unaffected by this issue.
Depending on the "trojan" that has been installed, there may be no obvious symptoms to indicate this issue has occurred. It is possible that services such as NIS may stop working for no apparent reason.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment