Note: This is an archival copy of Security Sun Alert 201544 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001151.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
An unprivileged local user may be able to execute arbitrary code or commands with the privileges of the dtsession(1X) Common Desktop Environment (CDE) Session Manager. The dtsession(1X) CDE Session Manager runs with root privileges.
This issue can occur in the following releases:
There are no predictable symptoms that would indicate this issue has been exploited.
To work around the described issue, turn off the set-user-ID ("setuid") bit for dtsession(1X) as root:
#chmod 0555 /usr/dt/bin/dtsession
Note 1: For CDE users this will cause dtsession(1X) to be unable to unlock the screen by the list of keyholders (including root) as well as prevent users with accounts defined in /etc/passwd to be unable to unlock the screen. CDE users with accounts defined in NIS, NIS+, or LDAP will still be able to unlock the screen.
Note 2: CDE users with accounts defined in /etc/passwd should use xlock(1) to lock their X display and turn off automatic session locking by dtsession(1X). Automatic session locking by dtsession(1X) can be turned off using the CDE Style Manager's (dtstyle(1X)) screen option. From the dtstyle(1X) screen option window, automatic session locking can be turned off by selecting "off" for the Screen Saver and Screen Lock options. To lock the X display using xlock(1) the xlock(1) command can be executed from the command line of a terminal window.
This issue is addressed in the following releases:
This solution has no attachment