Note: This is an archival copy of Security Sun Alert 275410 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021773.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in Solaris Trusted Extensions due to missing libraries may allow privilege escalation:
A security vulnerability in Solaris Trusted Extensions due to libraries which were not delivered with the Trusted Extensions may allow a local privileged user to run arbitrary code with elevated privileges.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: This issue only impacts systems that have Solaris Trusted Extensions installed and running. To determine if a system is configured with Trusted Extensions and running on a host, execute the following command in the global zone:
$ svcs labeldIf the state is "disabled" or if "/system/labeld" service is not listed, then the system is not configured to use Trusted Extensions.
There are no predictable symptoms that would indicate the described issue has been exploited to gain elevated privileges..
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment