Note: This is an archival copy of Security Sun Alert 235421 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019129.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Vulnerability in Solaris 10 Trusted Extensions (see details below)
1. ImpactA security vulnerability in Solaris 10 Trusted Extensions labeled networking may allow untrusted applications in separate labeled zones to exchange data on the local system by circumventing label restrictions.
2. Contributing Factors
This issue can occur if one or more all-zones interfaces areThis issue can occur on the following releases:
Note 2: This issue only impacts Solaris 10 systems which have installed and configured Solaris Trusted Extensions. Solaris Trusted Extensions is available starting in the Solaris 10 11/06 release.
To determine if a system is configured with Trusted Extensions, the following command can be run:
$ svcs labeld
STATE STIME FMRI
online 16:19:20 svc:/system/labeld:default
If the system is configured with Trusted Extensions, the "labeld"
3. SymptomsThere are no predictable symptoms that would indicate the described issue has been exploited.
4. WorkaroundInterim Security Relief (ISR) is available for the following releases from http://sunsolve.sun.com/tpatches
Some customers may be restricted to running the Common Criteria evaluated version of the Solaris Trusted Extensions OE. These customers may use the following IDRs that have been created based on the estimate that Kernel Update patches 125100-08 (SPARC) and 125101-08 (x86) will be the Target Of Evaluation (TOE):
5. ResolutionThis issue is addressed in the following releases:
For more information on Security Sun Alerts, see
02-May-2008: Updated Contributing Factors, Workaround and Resolution sections. Resolved.
05-Jun-2008: Updated Contributing Factors
and CC the following persons:
Internal Eng Responsible Engineer
Internal Services Knowledge Engineer
This solution has no attachment