Note: This is an archival copy of Security Sun Alert 201792 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001330.1.
Article ID : 1001330.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in uucp(1C) and uustat(1C)



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
4952456

Date of Resolved Release
09-JAN-2006

Impact

Security vulnerabilities in the uucp(1C) and uustat(1C) utilities may allow local unprivileged users the ability to execute arbitrary commands with the privileges of the "uucp" user (user ID 5 by default).

The uustat(1C) issue is also referenced here:

Sun acknowledges, with thanks, iDefense Labs and Angelo Rosiello (http://www.rosiello.org/) for bringing the uustat(1C) issue to our attention.


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 111570-04
  • Solaris 9 without patch 113322-03

x86 Platform

  • Solaris 8 without patch 111571-04
  • Solaris 9 without patch 115880-02

Note: Solaris 10 is not impacted by these issues. Solaris 7 will not be evaluated regarding a potential impact of the issues described in this Sun Alert document.


Symptoms

There are no reliable symptoms that would indicate the described issues have been exploited.


Workaround

To work around the described issues, remove the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries as follows:

    # chmod u-s /usr/bin/uucp
    # chmod u-s /usr/bin/uustat

Note: Removing the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries will prevent unprivileged users from using the uucp(1C) and uustat(1C) commands to access calling devices (such as modems).
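To verify that a host is either patched or covered by the workaround above, here is an added POSIX shell example (not part of the Sun Alert) that checks `showrev -p` output for the required patch revision or later and tests the binaries for the set-user-ID bit; the `showrev -p` line format is an assumption and the sample output is constructed.

```shell
#!/bin/sh
# Audit helper for Sun Alert 201792 (added example, not Sun's code).
# Constructed sample of `showrev -p` output, used so the script runs offline;
# on a real host feed it "$(showrev -p)" instead.
SAMPLE_SHOWREV='Patch: 108528-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 111570-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWbnuu'

# patch_installed SHOWREV_TEXT BASE MINREV
# Returns 0 when the text lists patch BASE at revision MINREV or later
# (e.g. 111570 04 matches 111570-04, 111570-05, ... but not 111570-03).
patch_installed() {
    printf '%s\n' "$1" | awk -v base="$2" -v minrev="$3" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (p[2] + 0) >= (minrev + 0)) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# is_setuid FILE: returns 0 when FILE carries the set-user-ID bit.
# -prune keeps find from descending, so only FILE itself is examined.
is_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# assess SHOWREV_TEXT BASE MINREV FILE
# Prints "patched" when the fix is installed, "workaround" when the
# binary has had its set-user-ID bit removed, otherwise "vulnerable".
assess() {
    if patch_installed "$1" "$2" "$3"; then
        echo patched
    elif is_setuid "$4"; then
        echo vulnerable
    else
        echo workaround
    fi
}

# Example run for Solaris 8 SPARC (patch 111570-04) against the uucp binary.
assess "$SAMPLE_SHOWREV" 111570 04 /usr/bin/uucp
```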


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 111570-04 or later
  • Solaris 9 with patch 113322-03 or later

x86 Platform

  • Solaris 8 with patch 111571-04 or later
  • Solaris 9 with patch 115880-02 or later


References

111570-04
111571-04
113322-03
115880-02
