Note: This is an archival copy of Security Sun Alert 201462 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001101.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Workaround Release
Date of Resolved Release
A local unprivileged user may be able to write messages to logged-in users which appear to originate from another user ID due to a security issue with the wall(1M) command. The forged user ID may be the "root" user.
This issue can occur in the following releases:
Solaris 2.5.1 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.
A wall message may state that it is from "root" or any other user although it originated from a different local logged-in user:
--- Broadcast Message from root (rpc.rwalld) on sun-hostname Fri Jan 1 00:00:00... From root@sun-hostname: <Any message here> ---
For forged wall messages, the message header looks the same as in any regular wall message.
There is no workaround.
If sensitive information is asked for via a wall message, check with a trusted system administrator in person before revealing any security-sensitive data.
This issue is addressed in the following releases: