Note: This is an archival copy of Security Sun Alert 201152 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000871.1.
Solaris 10 Operating System
Date of Resolved Release
Multiple security vulnerabilities in the traceroute(1M) utility may allow an unauthorized local user the ability to execute arbitrary code with elevated privileges. The traceroute(1M) utility in Solaris 10 is privilege aware and thus the only additional privilege available is PRIV_NET_RAWACCESS (see privileges(5)). This limits the impact by only allowing access to the network layer.
These issues are described in the following document:
This issue can occur in the following releases:
Note: Solaris 8 and Solaris 9 are not affected by this issue.
There are no reliable symptoms that would indicate the described issue has been exploited.
To work around the described issue, the "set user ID bit" (suid) may be removed from the traceroute(1M) binary (or the binary may be removed altogether), which will render it unusable to non-root users.
To remove the suid bit, run the following command as root user:
# chmod u-s /usr/sbin/traceroute
This issue is addressed in the following releases:
This solution has no attachment