Note: This is an archival copy of Security Sun Alert 201349 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001022.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the way the rcp(1) command invokes helper applications may allow a local unprivileged user (or a remote user in the case of shared filesystems) to create files with specially crafted file names which could lead to the execution of arbitrary commands with the privileges of a local user when that local user executes the rcp(1) command on the specially crafted file names.
Note: The scp(1) utility is also affected by this issue which is described in the following documents:
CVE-2006-0225 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
Sun Alert 102961
This issue can occur in the following releases:
There are no predictable symptoms that would indicate the described issue has been exploited to execute arbitrary commands.
This issue will only occur if the rcp(1) command is executed on files that have specially crafted file names. Therefore, it may be possible to work around this issue by avoiding the use of the rcp(1) command on untrusted file names, for example, in directories that are writable by untrusted users.
This issue is addressed in the following releases:
This solution has no attachment