Note: This is an archival copy of Security Sun Alert 200896 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000684.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
Local unprivileged users may be able to gain unauthorized uucp(1C) user ID access due to multiple buffer overflows in the uucp binary. Users with uucp(1C) user ID access may subsequently gain unauthorized "root" user access rights.
This issue can occur in the following releases:
There are no symptoms that would indicate the described issue has been exploited to gain unauthorized uucp(1C) or root user ID access to a system.
To work around the described issue, remove the set-user-ID bit from the uucp binary by issuing the following command:
# chmod u-s /usr/bin/uucp
Note: Removing the set-user-ID bit from the uucp binary will prevent unprivileged users from using the "uucp" command to access calling devices (i.e. modems).
Another option is to set "noexec_user_stack" options to defeat the most common form of buffer overflow attacks that store executable exploit code on the stack. This can be achieved by editing the "/etc/system" file and adding the lines:
set noexec_user_stack = 1 set noexec_user_stack_log = 1
Note: A reboot will be necessary in order for the "/etc/system" change to take effect.
This issue is addressed in the following releases:
This solution has no attachment