Note: This is an archival copy of Security Sun Alert 200647 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000506.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the Solaris Named Pipes (pipe(2)) may allow a local unprivileged user to gain access to unauthorized memory locations. This may allow a local unprivileged user to read potentially sensitive data in the kernel's memory layout or in the memory layouts of other processes running on the system.
Additional information on Solaris Named Pipes (pipe(2)) is available at:
Sun acknowledges, with thanks, an anonymous researcher working with the VeriSign iDefense VCP.
This issue can occur in the following releases:
There are no predictable symptoms that would indicate the described issue has been exploited to gain access to unauthorized data.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment