Note: This is an archival copy of Security Sun Alert 201508 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001126.1.
Sun Management Center 3.6.1
Sun Management Center 3.6
Sun Management Center 3.5 Update 1
Date of Resolved Release
A default account vulnerability in the Oracle database component of Sun Management Center (Sun MC) server software may allow remote unprivileged users to gain unauthorized access to the database or execute arbitrary code with the privileges of Oracle database server. The database server runs as the unprivileged user "smcorau".
This issue can occur in the following releases:
Note 1: This issue affects systems installed with Sun Management Center (Sun MC) server software. Sun Management Center (Sun MC) can be downloaded from:
Sun MC is not bundled with Solaris.
Note 2: Sun MC server is not supported on the Solaris x86 platform.
Note 3: Sun MC 3.5 update 1 is not supported on Solaris 10.
To determine if Sun MC server is installed on a Solaris system or what version is present, the following command can be run:
$ pkginfo -l SUNWessrv | grep VERSION VERSION: 3.6.1,REV=2.7.2003.08.28
If the following error message is returned, the "SUNWessrv" package and Sun MC server are not installed on the system.
ERROR: information for "SUNWessrv" was not found
To determine if Sun MC database server is running on the system the following command can be run:
$ ps -ef | grep 'SUNWsymon/oracle' smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit
If the output shows "tnslsnr" process, then the database server is running.
There are no reliable symptoms that would indicate the described issue has been exploited to execute arbitrary commands on the system or if the database contents have been accessed.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment