Note: This is an archival copy of Security Sun Alert 200925 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000707.1.
Sun Management Center 3.5 Update 1
Date of Resolved Release
Unprivileged local or remote users may be able to execute arbitrary code on Solaris systems which have installed and enabled the Sun Management Center (SunMC) server software. The SunMC server software typically runs as the unprivileged uid "smcorau" and uses the Oracle listener, and is thus affected by the multiple Oracle vulnerabilities described in Oracle Security Alert #68 at http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf.
These issues are also described in CERT Technical Cyber Security Alert TA04-245A at http://www.us-cert.gov/cas/techalerts/TA04-245A.html.
This issue can occur in the following releases:
To determine if SunMC is installed on a Solaris system (and what version), the following command can be run:
    # pkginfo -l SUNWescom
       PKGINST:  SUNWescom
          NAME:  Sun Management Center Common Components
      CATEGORY:  system,SyMON
          ARCH:  sparc
       VERSION:  3.5,REV=2.9.2004.05.04
       BASEDIR:  /opt
        VENDOR:  Sun Microsystems, Inc.
          DESC:  This package provides the common components among all SES installations
        PSTAMP:  lapena20050402224254
      INSTDATE:  Jun 30 2005 01:56
       HOTLINE:  Please contact your local service provider
        STATUS:  completely installed
         FILES:  70 installed pathnames
                 9 shared pathnames
                 10 directories
                 53 executables
                 7857 blocks used (approx)
If instead, the following error message is returned:
ERROR: information for "SUNWescom" was not found
then the SUNWescom package and SunMC are not installed.
To determine if SunMC is running on a Solaris system, the following command can be run:
    # ps -aef | grep SUNWsymon | grep -v grep
    root 11033 1 0 19:36:57 ? 0:09 esd - init trap -dir /var/opt/SUNWsymon -q
    root 11960 1 0 19:37:00 ? 0:37 esd - init topology -dir /var/opt/SUNWsymon -q
    root 11676 1 1 19:36:58 ? 19:54 esd - init agent -dir /var/opt/SUNWsymon -q
    root 11037 1 0 19:36:57 ? 0:05 esd - init event -dir /var/opt/SUNWsymon -q
    root 11035 1 0 19:36:57 ? 0:12 esd - init cfgserver -dir /var/opt/SUNWsymon -q
    root 10698 1 0 19:36:45 pts/5 2:28 /usr/j2se/bin/java -DINTERFACE_PATH=/var/opt/SUNWsymon/cfg:/opt/SUNWsymon/base/
    smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit
    root 17710 1 0 19:37:32 ? 0:37 esd - init metadata -dir /var/opt/SUNWsymon -q
(As in the example above, if the output contains more than one process, then SunMC is configured and running).
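The two checks described above can be combined into one classification step when auditing several hosts. The script below is an added example, not part of the original Sun Alert; the function names, the result labels and the abbreviated sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host from the output of the advisory's two commands.
# Function names, result labels and sample text are constructed for illustration.

# Print the VERSION field from `pkginfo -l SUNWescom` output read on stdin
# (prints nothing when the package is not installed).
sunmc_version() {
    awk '$1 == "VERSION:" { print $2; exit }'
}

# Count SunMC processes in `ps -aef` output read on stdin. The advisory treats
# more than one matching process as "configured and running".
sunmc_proc_count() {
    awk '/SUNWsymon/ && !/grep/ { n++ } END { print n + 0 }'
}

# Print the owner of the bundled Oracle listener (tnslsnr), if one is running.
listener_owner() {
    awk '/SUNWsymon/ && /tnslsnr/ { print $1; exit }'
}

# classify PKGINFO_TEXT PS_TEXT
# Prints: not-installed | installed-not-running | running | running-with-listener
classify() {
    ver=$(printf '%s\n' "$1" | sunmc_version)
    [ -n "$ver" ] || { echo "not-installed"; return 0; }
    count=$(printf '%s\n' "$2" | sunmc_proc_count)
    [ "$count" -gt 1 ] || { echo "installed-not-running"; return 0; }
    owner=$(printf '%s\n' "$2" | listener_owner)
    if [ -n "$owner" ]; then echo "running-with-listener"; else echo "running"; fi
}

# Constructed sample input, abbreviated from the output shown above.
SAMPLE_PKG='   PKGINST:  SUNWescom
   VERSION:  3.5,REV=2.9.2004.05.04
    STATUS:  completely installed'
SAMPLE_PS='root 11033 1 0 19:36:57 ? 0:09 esd - init trap -dir /var/opt/SUNWsymon -q
smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit'

# On a live Solaris host, pass real output instead:
#   classify "$(pkginfo -l SUNWescom 2>&1)" "$(ps -aef)"
classify "$SAMPLE_PKG" "$SAMPLE_PS"
```

A result of `running-with-listener` marks a host where the Oracle listener used by the SunMC server is active, which is the component this alert concerns.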
There are no reliable symptoms that would indicate the described issues have been exploited.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Note: Oracle recommends that the latest Critical Patch Update (CPU) from Oracle is always present and kept up to date on the system when running any Oracle application. The latest CPU will address all known & fixed security vulnerabilities in Oracle code.