Note: This is an archival copy of Security Sun Alert 267148 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020912.1.
Solaris Cluster 3.2
Date of Resolved Release
A security vulnerability in the Solaris Cluster 3.2 configuration utility (see clsetup(1CL)):
A security vulnerability in the Solaris Cluster 3.2 configuration utility (see clsetup(1CL)) may allow local unprivileged users to gain elevated privileges and potentially execute arbitrary commands with the privileges of the root user.
Sun acknowledges with thanks, Martin Carpenter from Citco (www.citco.com) for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: Sun Cluster 3.2 is not supported on Solaris 9 x86 platform.
There are no predictable symptoms to indicate that the described issue has been exploited to gain elevated privileges on the affected host.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment