Note: This is an archival copy of Security Sun Alert 200957 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000726.1.
Article ID : 1000726.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability With Loading Arbitrary Kernel Modules in Solaris Kernel



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4729683

Date of Resolved Release
22-JAN-2004

Impact

By loading arbitrary kernel modules, an unprivileged local user may be able to gain root privileges.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.6 without patch 105181-37
  • Solaris 7 without patch 106541-29
  • Solaris 8 without patch 108528-27
  • Solaris 9 without patch 112233-11

x86 Platform

  • Solaris 2.6 without patch 105182-37
  • Solaris 7 without patch 106542-29
  • Solaris 8 without patch 108529-27
  • Solaris 9 without patch 112234-11

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 105181-37 or later
  • Solaris 7 with patch 106541-29 or later
  • Solaris 8 with patch 108528-27 or later
  • Solaris 9 with patch 112233-11 or later

x86 Platform

  • Solaris 2.6 with patch 105182-37 or later
  • Solaris 7 with patch 106542-29 or later
  • Solaris 8 with patch 108529-27 or later
  • Solaris 9 with patch 112234-11 or later


Modification History
Date: 12-MAR-2004
  • Add Solaris 2.6 and related patches to Contributing Factors and Resolution sections


References

106541-29
108528-27
112233-11
106542-29
108529-27
112234-11
105181-37
105182-37




Attachments
This solution has no attachment