Note: This is an archival copy of Security Sun Alert 201110 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000830.1.
Article ID : 1000830.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-06-12
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability With Sun StorADE Version 2.4 Installation



Category
Security

Release Phase
Resolved

Product
Storage Automated Diagnostic Environment 2.4

Bug Id
6397587

Date of Resolved Release
02-JUN-2006

Impact

A local unprivileged user may be able to execute arbitrary code with the privileges of another user (including root), because one of the package components of the Sun Storage Automated Diagnostic Environment (StorADE) Software is installed with incorrect (world-writable) file and directory permissions.


Contributing Factors

This issue can occur in the following release:

SPARC Platform

  • Storage Automated Diagnostic Environment (StorADE) 2.4 (for Solaris 8, 9 and 10) without patch 117654-60

Notes:

  1. StorADE versions 2.0, 2.1, 2.2 and 2.3 are not affected by this issue; 2.4 is the only affected version.
  2. The x86 platform is not affected by this issue.
  3. This issue only affects systems which have installed the optional SUNWstadm package. The optional SUNWstadm package adds a web browser-based graphical user interface to the Sun Storage Automated Diagnostic Environment software.

To determine if the SUNWstadm package has been installed on the system, the following command can be run (no output, or an error, means the package is not installed and the system is not affected):

    # pkginfo SUNWstadm
    SUNWstadm  Storage Automated Diagnostic Environment - Management Station UI

To determine the version of StorADE running on a system, the following command can be run:

    # pkginfo -l SUNWstade | grep ^VERSION
    VERSION=2.4

Symptoms

Files and directories which comprise the optional SUNWstadm package will have world-writable permissions (the "other" write bit set). The files and directories are installed under the /var/opt/webconsole/webapps/storade directory, and the affected entries can be listed via the following find(1) command (-perm -002 selects every entry whose "other" write bit is set):

    $ find /var/opt/webconsole/webapps/storade -perm -002 -print

Workaround

To work around the described issue prior to patch relief, the administrator can correct the modes manually within the active "Lockhart" directory by running the following commands (directories become 755, files become 644):

    # find /var/opt/webconsole/webapps/storade -type d -exec chmod 755 {} \;
    # find /var/opt/webconsole/webapps/storade -type f -exec chmod 644 {} \;

Afterwards, re-running the find(1) command from the Symptoms section should produce no output. Note that the workaround only changes modes; it does not change the ownership of the files, and it must be repeated if the SUNWstadm package is reinstalled without the patch.
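The following shell script is an added example, not Sun's code and not part of this Sun Alert. It packages the check from the Symptoms section and the workaround above into functions that take the directory as a parameter, so the same audit-fix-verify sequence can be run against /var/opt/webconsole/webapps/storade on an affected host or, as here, against a constructed sample tree that mimics the symptom (the sample files and names are invented for the demonstration and are not the contents of the SUNWstadm package).

```shell
#!/bin/sh
# Added example (not from the advisory): audit a directory tree for
# world-writable entries, apply the advisory's workaround modes, verify.
# On an affected system DIR would be /var/opt/webconsole/webapps/storade.

# List world-writable files and directories under $1, one path per line.
# -perm -002 matches any entry whose "other" write bit is set.
list_world_writable() {
    find "$1" -perm -002 \( -type d -o -type f \) -print
}

# Number of world-writable entries under $1 (0 means the tree is clean).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# The workaround from the Sun Alert: 755 on directories, 644 on files.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
}

# Build a constructed sample tree reproducing the symptom: three
# directories with mode 777 and two files with mode 666. The names are
# placeholders (an assumption), not the real package contents.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/storade/WEB-INF/classes"
    printf 'placeholder\n' > "$dir/storade/index.jsp"
    printf 'placeholder\n' > "$dir/storade/WEB-INF/web.xml"
    chmod 777 "$dir/storade" "$dir/storade/WEB-INF" "$dir/storade/WEB-INF/classes"
    chmod 666 "$dir/storade/index.jsp" "$dir/storade/WEB-INF/web.xml"
    echo "$dir/storade"
}

# Audit, remediate, and re-audit $1; exit status 1 if anything is still
# world-writable after the fix.
audit_and_fix() {
    echo "Before fix: $(count_world_writable "$1") world-writable entries"
    list_world_writable "$1"
    fix_modes "$1"
    echo "After fix:  $(count_world_writable "$1") world-writable entries"
    [ "$(count_world_writable "$1")" -eq 0 ]
}

# Stand-alone run against the constructed tree (pass a real path instead
# to audit a live system, e.g. audit_and_fix /var/opt/webconsole/webapps/storade).
if [ "${1:-}" = "--demo" ]; then
    audit_and_fix "$(make_sample_tree)"
fi
```

Run with `sh script.sh --demo` to exercise it on the sample tree, or source it and call `audit_and_fix` with the real StorADE directory as root. The functions deliberately match only regular files and directories, the two kinds of entries the workaround changes; `fix_modes` does not adjust ownership, which the advisory's workaround does not change either.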

Resolution

This issue is addressed in the following release:

SPARC Platform

  • Storage Automated Diagnostic Environment (StorADE) 2.4 (for Solaris 8, 9 and 10) with patch 117654-60 or later


References

117654-60




Attachments
This solution has no attachment