Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 8 Operating System
Bug Id: 4925561
Date of Resolved Release: 29-JAN-2004
Impact
A local unprivileged user with a custom rights profile (see profiles(1)) may be able to execute a profile command with greater privileges than originally assigned, if the execution profiles database (exec_attr(4)) contains an invalid entry for that custom rights profile.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 109007-15
- Solaris 9 without patch 116237-01
x86 Platform
- Solaris 8 without patch 109008-15
- Solaris 9 without patch 116238-01
Notes:
- Solaris 7 is not affected by this issue.
- Modification of the exec_attr(4) file requires "root" privileges.
The pfexec(1) program is used to execute commands with the attributes specified by the user's profiles in the exec_attr(4) database. A user must be part of an execution profile in addition to the default profiles of "Basic Solaris User" and "All". A user can determine which profiles they are part of by running the profiles(1) command, as in this example:
% profiles
Basic Solaris User
All
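Because the alert turns on an invalid exec_attr(4) entry, an administrator reviewing a system will want a quick structural audit of that database before and after patching. The script below is an added example written for this page, not code from Sun or from the alert; it assumes only the documented exec_attr(4) line layout (name:policy:type:res1:res2:id:attr) and the attribute keys (uid, gid, euid, egid) used on Solaris 8 and 9. The alert does not say which malformation triggered the defect, so this is a general hygiene check for entries pfexec(1) would read, not a detector for the bug itself. The sample database is constructed inline for the demonstration; run check_exec_attr against /etc/security/exec_attr to audit a real host.

```shell
#!/bin/sh
# Added example (not part of the Sun Alert): structural audit of exec_attr(4).
# Assumed layout per exec_attr(4):  name:policy:type:res1:res2:id:attr

# Write a constructed sample database (mix of valid and malformed entries)
# to the given path and echo that path.  Hypothetical helper for the demo.
make_sample_exec_attr() {
  f=${1:-/tmp/exec_attr.sample}
  cat > "$f" <<'EOF'
#
# Constructed sample entries in exec_attr(4) layout:
# name:policy:type:res1:res2:id:attr
#
All:suser:cmd:::*:
Printer Management:suser:cmd:::/usr/sbin/lpadmin:euid=lp
Custom Profile:suser:cmd:::/usr/local/bin/tool:uid=0
Broken Profile:suser:cmd:::/usr/local/bin/other
Broken Profile:suser:cmd::::uid=0
Other Broken:xyz:cmd:::/usr/bin/foo:uid=0
EOF
  printf '%s\n' "$f"
}

# check_exec_attr FILE
# Prints "FILE:LINE: reason" for every entry that does not match the
# documented layout; exit status 1 if any were found, 0 if the file is clean.
check_exec_attr() {
  awk -F: '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
    {
      bad = ""
      if (NF != 7)
        bad = "expected 7 colon-separated fields, got " NF
      else if ($2 != "suser" && $2 != "solaris")
        bad = "unknown policy \"" $2 "\""
      else if ($3 != "cmd")
        bad = "unknown type \"" $3 "\""
      else if ($6 == "")
        bad = "empty id (command path) field"
      else if ($7 != "") {
        # attr is a ;-separated list of key=value pairs; only the
        # identity keys documented for Solaris 8/9 are accepted here
        n = split($7, kv, ";")
        for (i = 1; i <= n; i++)
          if (kv[i] !~ /^(uid|gid|euid|egid)=.+$/)
            bad = "malformed attr \"" kv[i] "\""
      }
      if (bad != "") { printf "%s:%d: %s\n", FILENAME, NR, bad; found = 1 }
    }
    END { exit found ? 1 : 0 }
  ' "$1"
}

# Stand-alone demonstration: three of the constructed entries are reported.
if [ "${0##*/}" != "sh" ] && [ -z "$EXEC_ATTR_CHECK_NO_DEMO" ]; then
  sample=$(make_sample_exec_attr)
  check_exec_attr "$sample"
fi
```

Entries rejected here are exactly the ones an attacker-controlled or mistyped line would produce: too few fields, a blank command path, an unknown policy, or an attribute that is not a recognised key=value pair. Since exec_attr(4) is root-writable only, a finding points at an administrative error or at prior root-level tampering, both of which deserve investigation independent of this patch.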
Symptoms
There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized elevated privileges on a host.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 109007-15 or later
- Solaris 9 with patch 116237-01 or later
x86 Platform
- Solaris 8 with patch 109008-15 or later
- Solaris 9 with patch 116238-01 or later
Modification History
References
116237-01
116238-01
109007-15
109008-15
Attachments: This solution has no attachment