Solaris 10 Operating SystemDate of Resolved Release
Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE) ...
Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE)
may allow an unprivileged local user to easily execute arbitrary commands with root privileges
or to bypass Mandatory Access Control (MAC) policy.
2. Contributing Factors
These issues can occur in the following releases:
- Solaris 10 without patch 126365-15 and 139620-01
- Solaris 10 without patch 126366-15 and 139621-01
Note 1: Solaris 8 and Solaris 9 and OpenSolaris are not impacted by
these issues. Releases prior to Solaris 10 11/06 do not include Solaris
Trusted Extensions and so are not vulnerable to these issues.
Note 2: These issues only impact Solaris 10 and OpenSolaris systems
which have installed and configured Solaris Trusted Extensions. To
determine if a system is configured with Trusted Extensions, the
following command can be run in the global zone:
$ svcs /system/labeld
STATE STIME FMRI
online 10:02:34 svc:/system/labeld:default
If the state is disabled or if "/system/labeld" service is not listed,
then the system is not configured to use Trusted Extensions.
There are no predictable symptoms that would indicate the described
issues have been exploited.
There is no workaround for these issues. Please see Resolution below.
These issues are resolved in the following releases:
- Solaris 10 with patch patch 126365-15 and 139620-01 or later
- Solaris 10 with patch patch 126366-15 and 139621-01 or later
For more information on Security Sun Alerts, see .
This solution has no attachment