Note: This is an archival copy of Security Sun Alert 228411 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017352.1.
Solaris 8 Operating System
Date of Resolved Release
A local unprivileged user may be able to create or remove files or gain privileges of another user, possibly root, if the tcsh(1) builtin command ls-F is used. The files created or removed and privileges possibly gained would depend on the privileges and user-ID of the process that executed the tcsh(1) ls-F builtin command.
This issue can occur in the following releases:
Note: Solaris 7 and Solaris 9 are not affected by this issue.
There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized elevated privileges to a host.
To prevent this issue from occurring, do not use the tcsh(1) ls-F builtin directly, and avoid any tcsh(1) functionality that uses the ls-F builtin, such as filename completion (done by typing "^D").
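To apply the workaround above across a host, the following added example (not part of the original Sun Alert) lists accounts whose login shell is tcsh and flags startup-file lines that invoke ls-F. The function names, the set of startup files checked (.tcshrc, .cshrc, .login) and the fixture accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): find tcsh accounts and flag
# startup-file lines that invoke the ls-F builtin named in the advisory.

# tcsh_users PASSWD_FILE: print "user:home" for accounts whose shell is tcsh.
tcsh_users() {
    awk -F: '{ n = split($7, p, "/") }
             n && p[n] == "tcsh" { print $1 ":" $6 }' "$1"
}

# lsf_refs FILE...: print "file:line:text" for non-comment lines using ls-F.
lsf_refs() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }   # ignore comment lines
            (" " $0 " ") ~ /[^A-Za-z0-9_-]ls-F[^A-Za-z0-9_-]/ {
                print FILENAME ":" NR ":" $0
            }
        ' "$f"
    done
}

# audit PASSWD_FILE ROOT: check each tcsh user's startup files under ROOT
# (ROOT is "" on a live system). The startup-file list is an assumption.
audit() {
    tcsh_users "$1" | while IFS=: read -r user home; do
        echo "tcsh account: $user"
        lsf_refs "$2$home/.tcshrc" "$2$home/.cshrc" "$2$home/.login"
    done
}

# demo: constructed fixture; alice uses tcsh and aliases ls to ls-F,
# bob uses ksh, so only alice is reported.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/export/home/alice" "$root/export/home/bob"
    printf '%s\n' 'alice:x:1001:10::/export/home/alice:/usr/bin/tcsh' \
                  'bob:x:1002:10::/export/home/bob:/bin/ksh' > "$root/passwd"
    printf '%s\n' '# ls-F appears only in this comment' \
                  'alias ls ls-F' > "$root/export/home/alice/.tcshrc"
    printf '%s\n' 'alias ls ls-F' > "$root/export/home/bob/.cshrc"
    audit "$root/passwd" "$root"
    rm -rf "$root"
}
```

The check covers only accounts listed in the password file it is given, and interactive use of "^D" filename completion leaves nothing in startup files for it to find.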
This issue is addressed in the following releases: