Note: This is an archival copy of Security Sun Alert 201792 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001330.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
Security vulnerabilities in the uucp(1C) and uustat(1C) utilities may allow local unprivileged users to execute arbitrary commands with the privileges of the "uucp" user (user ID 5 by default).
The uustat(1C) issue is also referenced here:
Sun acknowledges, with thanks, iDefense Labs and Angelo Rosiello (http://www.rosiello.org/) for bringing the uustat(1C) issue to our attention.
These issues can occur in the following releases:
Note: Solaris 10 is not impacted by these issues. Solaris 7 will not be evaluated regarding a potential impact of the issues described in this Sun Alert document.
There are no reliable symptoms that would indicate the described issues have been exploited.
To work around the described issues, remove the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries as follows:
# chmod u-s /usr/bin/uucp
# chmod u-s /usr/bin/uustat
Note: Removing the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries will prevent unprivileged users from using the uucp(1C) and uustat(1C) commands to access calling devices (such as modems).
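To confirm the workaround is in place, the following added example (not part of the original Sun Alert) reports whether either binary still carries the set-user-ID bit. The function name check_suid and the "audit" argument are hypothetical; the two default paths are those given in the workaround above.

```shell
#!/bin/sh
# Added example: audit the set-user-ID workaround for uucp(1C) and uustat(1C).
# Written for POSIX sh; check_suid is a hypothetical helper name.

# check_suid [FILE...]
# With no arguments, checks the two binaries named in the advisory.
# Prints one status line per file and returns the number of files that
# still carry the set-user-ID bit (0 means the workaround is applied).
check_suid() {
    if [ $# -eq 0 ]; then
        set -- /usr/bin/uucp /usr/bin/uustat
    fi
    remaining=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            # Not installed (or not a regular file): nothing to exploit here.
            echo "MISSING $f"
        elif [ -u "$f" ]; then
            # Bit still set: the workaround has not been applied to this file.
            echo "SETUID $f"
            remaining=`expr $remaining + 1`
        else
            echo "OK $f"
        fi
    done
    return $remaining
}

# Run the audit only when invoked with "audit" as the first argument,
# so the file can also be sourced for its function alone.
if [ "${1:-}" = "audit" ]; then
    shift
    check_suid "$@"
    exit $?
fi
```

When run with "audit" as the first argument, the exit status is the number of files that still have the bit set, so a non-zero status can flag a host where the workaround is missing.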
These issues are addressed in the following releases: