Note: This is an archival copy of Security Sun Alert 228423 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017359.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 7 Operating System Solaris 8 Operating System Bug Id 4807715 Date of Resolved Release 30-NOV-2004 Impact There is a potential buffer overflow in ping(1M) which could result in a local unprivileged user gaining elevated privileges. Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Symptoms There are no predictable symptoms that would show the described issue has been exploited. Workaround To reduce the chances of the described issue from occurring, apply one of the following workarounds: 1. Remove the "set-user-ID" bit from the ping(1M) binary by issuing the following command: # chmod u-s /usr/sbin/ping Note: Removing the "set-user-ID" bit from the ping(1M) utility will prevent unprivileged users from using the ping(1M) command. 2. Enable non-executable program stacks by adding the following lines to the "/etc/system" file and reboot the system: set noexec_user_stack = 1 set noexec_user_stack_log = 1 The above tunable parameters are described in the Solaris Tunable Parameters Reference Manual at: http://docs.sun.com. Note: Although enabling non-executable user stacks makes the likelihood of a successful exploit much smaller, it does not provide 100 percent against exploitation of this vulnerability. This workaround is only effective on sun4u, sun4m, and sun4d architectures (enter "uname -m" to display a systems architecture). This workaround will not work on x86 platforms. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History References118313-01118314-01 116986-02 116987-02 116774-03 116775-03 Attachments This solution has no attachment |
|