Note: This is an archival copy of Security Sun Alert 200998 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000751.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
On systems where Lightweight Directory Access Protocol (LDAP, see ldap(1)) is used in conjunction with Role Based Access Control (RBAC, see rbac(5)), unprivileged local users may have the ability to execute certain commands with "superuser" (root) privileges.
This issue can occur in the following releases:
This configuration can be determined by the RBAC-related entries in the "/etc/nsswitch.conf" file, which will contain lines with one or more of the following types of entries:
    auth_attr: ldap files
    prof_attr: ldap files
    user_attr: ldap files
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, configure the system to use "local" files instead of LDAP for RBAC configuration. RBAC related entries in the "/etc/nsswitch.conf" file should be modified as follows:
    auth_attr: files
    prof_attr: files
    user_attr: files
Note: With this workaround, LDAP functionality will be disabled for the RBAC database and all RBAC related data will be queried from "local" files instead of through LDAP.
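The configuration check and the workaround described above can be scripted. The following is an added example, not part of the original Sun Alert; the function names and the sample file are constructed, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example: audit an nsswitch.conf-style file for RBAC databases that
# consult LDAP. Function names and the sample file are constructed.

# rbac_ldap_dbs FILE: print auth_attr/prof_attr/user_attr, one per line,
# for each active entry whose source list contains "ldap".
rbac_ldap_dbs() {
    awk '
        { sub(/#.*/, "") }    # strip comments, so commented entries are ignored
        /^[ \t]*(auth_attr|prof_attr|user_attr)[ \t]*:/ {
            db = $0; sub(/:.*/, "", db); gsub(/[ \t]/, "", db)
            src = $0; sub(/^[^:]*:/, "", src)
            n = split(src, s, /[ \t]+/)
            # Exact token match: criteria such as [NOTFOUND=return] never equal "ldap".
            for (i = 1; i <= n; i++)
                if (s[i] == "ldap") { print db; break }
        }
    ' "$1"
}

# rbac_files_only FILE: print FILE with the three RBAC entries rewritten to
# the workaround form ("files" only); every other line passes through.
rbac_files_only() {
    awk '
        /^[ \t]*(auth_attr|prof_attr|user_attr)[ \t]*:/ {
            db = $0; sub(/:.*/, "", db); gsub(/[ \t]/, "", db)
            print db ": files"; next
        }
        { print }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
sample_conf() {
    cat <<'EOF'
passwd:     files ldap
# auth_attr: ldap files
auth_attr:  ldap files
prof_attr:  files
user_attr:  ldap [NOTFOUND=return] files
EOF
}

# Run against the file given as $1 when it is readable; do nothing otherwise.
if [ -r "${1:-}" ]; then
    rbac_ldap_dbs "$1"
fi
```

Empty output from rbac_ldap_dbs means no active RBAC entry lists ldap. Write the output of rbac_files_only to a new file and review it before replacing "/etc/nsswitch.conf".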
This issue is addressed in the following releases: