Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 8 Operating System
Bug Id
4966423
Date of Resolved Release
18-OCT-2004
Impact
On systems where Lightweight Directory Access Protocol (LDAP, see ldap(1)) is used in conjunction with Role Based Access Control (RBAC, see rbac(5)), unprivileged local users may have the ability to execute certain commands with "superuser" (root) privileges.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 108993-38
- Solaris 9 without patch 112960-17
x86 Platform
- Solaris 8 without patch 108994-38
- Solaris 9 without patch 114328-04
Notes:
- Systems are only impacted when using LDAP in conjunction with RBAC.
- Solaris 7 is not affected by this issue.
Whether a system uses this configuration can be determined from the RBAC-related entries in the "/etc/nsswitch.conf" file, which will contain one or more lines of the following type:
auth_attr: ldap files
prof_attr: ldap files
user_attr: ldap files
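The check described above can be scripted. The following is an added example, not part of the original advisory: the function names rbac_ldap_dbs and rbac_is_exposed are hypothetical, and it assumes a POSIX awk (on Solaris 8/9, set AWK=nawk).

```shell
#!/bin/sh
# Added example: report RBAC databases in an nsswitch.conf that consult LDAP.
# Assumption: a POSIX awk; on Solaris 8/9 run with AWK=nawk.
AWK=${AWK:-awk}

# rbac_ldap_dbs FILE
# Prints one database name per line (auth_attr, prof_attr, user_attr) whose
# source list contains "ldap". Comments and lookup criteria such as
# [NOTFOUND=return] are ignored.
rbac_ldap_dbs() {
    "$AWK" '
    {
        sub(/#.*/, "")                      # strip comments
        sub(/^[ \t]+/, "")                  # strip leading whitespace
        colon = index($0, ":")
        if (colon == 0) next
        db = substr($0, 1, colon - 1)
        sub(/[ \t]+$/, "", db)
        if (db != "auth_attr" && db != "prof_attr" && db != "user_attr") next
        rest = substr($0, colon + 1)
        gsub(/\[[^]]*\]/, " ", rest)        # drop [STATUS=action] criteria
        n = split(rest, src, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (src[i] == "ldap") { print db; break }
    }' "$1"
}

# rbac_is_exposed FILE
# Exit status 0 if at least one RBAC database uses LDAP (the configuration
# this advisory describes), 1 otherwise.
rbac_is_exposed() {
    [ -n "$(rbac_ldap_dbs "$1")" ]
}

# When run with a file argument, list the RBAC databases that use LDAP.
if [ $# -gt 0 ]; then
    rbac_ldap_dbs "$1"
fi
```

Run it as "sh script.sh /etc/nsswitch.conf"; no output means none of the three RBAC databases is resolved through LDAP.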
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
Workaround
To work around the described issue, configure the system to use "local" files instead of LDAP for RBAC configuration. RBAC related entries in the "/etc/nsswitch.conf" file should be modified as follows:
auth_attr: files
prof_attr: files
user_attr: files
Note: With this workaround, LDAP functionality will be disabled for the RBAC database and all RBAC related data will be queried from "local" files instead of through LDAP.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 108993-38 or later
- Solaris 9 with patch 112960-17 or later
x86 Platform
- Solaris 8 with patch 108994-38 or later
- Solaris 9 with patch 114328-04 or later
Modification History
References
108993-38
112960-17
114328-04
108994-38
Attachments
This solution has no attachment