Note: This is an archival copy of Security Sun Alert 200640 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000501.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
Non-privileged local users can gain access to sensitive system information, e.g., the access-restricted /etc/shadow(5) file on an NIS server.
Sun acknowledges with thanks, Janusz Niewiadomski of iSEC, for bringing this issue to our attention.
This issue is described in the CERT Vulnerability VU#538033 (see http://www.kb.cert.org/vuls/id/538033).
This issue can occur in the following releases:
Note: Solaris 9 for the x86 platform is not impacted by this issue.
There are no predictable symptoms that would show the described issue has been exploited.
Until patches are available and can be applied, there are two workarounds, either of which will prevent the exploitation of this vulnerability:
1) Block access to the affected services listed above from untrusted networks such as the Internet or disable the daemons where possible. Use a firewall or other packet-filtering technology to block the appropriate network ports. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.
2) Disallow users from logging into the NIS servers.
3) Disable the "ypserv" and "ypxfrd" daemons where possible, i.e. do not run them on servers that are not supposed to function as NIS servers.
This issue is addressed in the following releases:
Note: Solaris 2.5.1 will require an upgrade to a later release.
This solution has no attachment