Note: This is an archival copy of Security Sun Alert 257548 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020395.1.
Date of Resolved Release
A security vulnerability in OpenSolaris smbfs(7FS) may expose data to unauthorized users:
An information disclosure vulnerability in OpenSolaris smbfs(7FS), when default mount permissions are used, may allow a local unprivileged user unauthorized access to read the contents of files and list directories on a CIFS (Common Internet File System) mounted volume.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
Note 3: This issue only affects systems which are set up to allow mounting of CIFS shares. This can be determined by checking the status of the "svc:/network/smb/client" service using a command such as the following:
$ svcs svc:/network/smb/client:default
To determine if a mounted CIFS volume is vulnerable, first locate the mount point of any CIFS volumes on the host using a command such as the following:
# mount -v | grep smbfs
and then check the permissions of all the directories and files located on the mounted volume by using the "ls" command similar to the following:
# ls -ld /mnt
The output from the above command will indicate which users and groups have permission to access the contents of the examined directory.
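The mount and permission checks above can be combined into one audit pass. The script below is an added example, not part of the original Sun Alert: the function names are hypothetical, the sample "mount -v" lines are constructed, and it assumes "mount -v" prints "<resource> on <mount point> type <fstype> ..." with no spaces in the mount point. It examines only the mount point directory itself, not every file beneath it.

```shell
#!/bin/sh
# Added example: flag smbfs mount points whose directory mode grants any
# access to group or other.

# Constructed sample of `mount -v` output (not taken from a real host).
SAMPLE_MOUNT_V='/dev/dsk/c0t0d0s0 on / type ufs read/write/setuid on Mon Jan  5 10:00:00 2009
//fileserver/share on /mnt type smbfs read/write/setuid on Mon Jan  5 10:05:00 2009
//fileserver/docs on /export/docs type smbfs read/write on Mon Jan  5 10:06:00 2009'

# Read `mount -v` output on stdin and print the mount point of each smbfs entry.
smbfs_mount_points() {
    awk '$2 == "on" && $4 == "type" && $5 == "smbfs" { print $3 }'
}

# Return 0 if an `ls -ld` mode string (e.g. drwxr-xr-x) grants group or
# other any permission; return 1 for owner-only modes such as drwx------.
mode_is_exposed() {
    # Characters 5-10 are the group and other triplets; a trailing ACL
    # marker such as "+" sits at position 11 and is ignored.
    group_other=$(printf '%s' "$1" | cut -c5-10)
    [ "$group_other" != "------" ]
}

# Read `mount -v` output on stdin and report each smbfs mount point that
# exists on this host, with its current mode.
audit_smbfs() {
    smbfs_mount_points | while read -r mount_point; do
        [ -d "$mount_point" ] || continue
        mode=$(ls -ld "$mount_point" | awk '{ print $1 }')
        if mode_is_exposed "$mode"; then
            echo "EXPOSED $mode $mount_point"
        else
            echo "ok      $mode $mount_point"
        fi
    done
}

# Offline demonstration on the constructed sample: lists the smbfs mount points.
printf '%s\n' "$SAMPLE_MOUNT_V" | smbfs_mount_points

# On a live host, run as root:
#   mount -v | audit_smbfs
```

A mount point reported as EXPOSED is a candidate for remounting with restrictive dirperms and fileperms options.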
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
To work around the described issue, first unmount the affected share, and remount it with options to set the permissions of the CIFS mount point to 700 by using the following command:
# mount -F smbfs -o dirperms=700,fileperms=600 ...
5. Resolution
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.