Note: This is an archival copy of Security Sun Alert 201656 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001233.1.
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the DHCP administration utilities dhcpconfig(1M), pntadm(1M), and dhcpmgr(1M) may allow an unprivileged local user the ability to execute arbitrary code with the privileges of root.
This issue can occur in the following releases:
Note: Solaris 7 and Solaris 9 are not affected by this issue.
A system is only vulnerable to this issue if the DHCP server packages have been installed.
To determine if the DHCP server packages have been installed, the following command can be run:
$ pkginfo SUNWdhcm SUNWdhcsu
There are no predictable symptoms that would indicate the described issue has occurred.
To work around the described issue, edit each of the following files:
/usr/lib/inet/dhcp/svcadm/pntadm /usr/lib/inet/dhcp/svcadm/dhcpconfig /usr/sadm/admin/bin/dhcpmgr
and modify the following line:
This issue is addressed in the following releases:
This solution has no attachment