Note: This is an archival copy of Security Sun Alert 200540 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000412.1.
Article ID : 1000412.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-08-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Security Vulnerability in "fileutils" Package May Give Local Users Unauthorized Privileges



Category
Security

Release Phase
Resolved

Product
Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id
4892240

Date of Resolved Release
13-APR-2005

Impact

A race condition in Sun Linux fileutils 4.1 and earlier versions may allow a local unprivileged user to delete files or directories owned by others.

This issue is described at:

Note: The Sun Linux fileutils 4.1 package includes a number of common and popular "GNU" file management utilities.


Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with fileutils 4.1 or earlier

Sun Cobalt Appliances

  • Qube3 with fileutils 4.1 or earlier
  • RaQ4 with fileutils 4.1 or earlier
  • RaQ550 with fileutils 4.1 or earlier
  • RaQXTR with fileutils 4.1 or earlier

The current version of the fileutils package can be found by running the following command:

    % rpm -q fileutils
    fileutils-4.1-10.1

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with fileutils 4.1-10.1 or later

Sun Linux patches are available at: http://sunsolve.sun.com/patches/linux/security.html
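
The script below is an added example, not part of the original Sun Alert. It classifies one line of `rpm -q fileutils` output against the fixed Sun Linux build named above (fileutils 4.1-10.1). The function names are hypothetical, and it assumes the version and release fields are purely numeric and dot-separated; anything else is reported as "unknown" rather than guessed.

```shell
#!/bin/sh
# Fixed build taken from the Resolution section: fileutils 4.1-10.1.
FIXED_VERSION="4.1"
FIXED_RELEASE="10.1"

# cmp_dotted A B -> prints -1, 0 or 1 for dotted numeric strings A and B.
# Assumption: both fields are digits and dots only; otherwise prints "?"
# so the caller can answer "unknown".
cmp_dotted() {
    [ -n "$1" ] && [ -n "$2" ] || { echo "?"; return; }
    case "$1$2" in *[!0-9.]*) echo "?"; return ;; esac
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading segment of each side
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
        x=${x:-0}; y=${y:-0}            # a missing segment counts as 0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# classify_fileutils NVR -> prints "vulnerable", "fixed" or "unknown".
# NVR is one line of `rpm -q fileutils` output, e.g. fileutils-4.1-10.1.
classify_fileutils() {
    nvr=$1
    case "$nvr" in fileutils-*-*) ;; *) echo unknown; return ;; esac
    rel=${nvr##*-}                          # text after the last "-"
    ver=${nvr%-*}; ver=${ver#fileutils-}    # text between name and release
    c=$(cmp_dotted "$ver" "$FIXED_VERSION")
    [ "$c" = 0 ] && c=$(cmp_dotted "$rel" "$FIXED_RELEASE")
    case "$c" in
        -1) echo vulnerable ;;
        0|1) echo fixed ;;
        *) echo unknown ;;
    esac
}

# Query the live system only when rpm is present.
if command -v rpm >/dev/null 2>&1; then
    classify_fileutils "$(rpm -q fileutils 2>/dev/null | head -n 1)"
fi
```

The fixed version used here applies to the Sun Linux 5.0 platform only; the advisory does not state fixed package versions for the Cobalt appliances.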

Sun Cobalt Appliances

Patches for Qube3, RaQ4, RaQ550 and RaQXTR are available at: http://sunsolve.sun.com/cobalt



Modification History
Date: 13-APR-2005
  • State changed to Resolved

Date: 29-AUG-2003
  • Updated Resolution section























