Note: This is an archival copy of Security Sun Alert 200068 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000052.1.
Category: Security
Release Phase: Resolved
Sun Net Connect 3.2 Services
Bug Id: 6492570
Date of Resolved Release: 11-MAY-2007

Impact

A security vulnerability in Sun Remote Services (SRS) Net Connect Software may allow a local unprivileged user to read partial contents of any file on the system.

Sun acknowledges with thanks, iDefense (http://www.idefense.com) for bringing this issue to our attention.

This issue is also described in the following document: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=531

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

Notes:
To determine if the SRS Net Connect software has been installed on a system, the following command can be run:

    $ pkginfo SUNWsrspx
    system SUNWsrspx Sun(SM) Net Connect Proxy Core

To determine the version of the SRS Net Connect software installed on the system, the filename of the SRS Net Connect Uninstall script can be examined:

    $ ls -l /opt/SUNWsrspx/bin/Uninstall*
    -r-xr----- 1 root root 6422 Mar 16 19:34 /opt/SUNWsrspx/bin/UninstallNetConnect.003.002.004.sh

The above output indicates SRS Net Connect version 3.2.4 is installed on the system.

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited to read the contents of a file on the system.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform

References

125713-01
123870-02

Attachments

This solution has no attachment
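
The installation and version check described in the Notes above can be scripted for auditing several hosts. The following is an added example, not part of the original Sun Alert; the function names are hypothetical, and it assumes a POSIX shell (on Solaris, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: derive the SRS Net Connect version from the name of the
# Uninstall script, as the advisory's Notes describe. Function names are
# hypothetical and not part of the SRS Net Connect software.

# Convert "UninstallNetConnect.003.002.004.sh" (path or basename) to "3.2.4".
# Prints nothing and returns 1 if the name does not carry three numeric fields.
srs_version_from_name() {
    v=$(printf '%s\n' "${1##*/}" | sed -n \
      's/^UninstallNetConnect\.0*\([0-9]\{1,\}\)\.0*\([0-9]\{1,\}\)\.0*\([0-9]\{1,\}\)\.sh$/\1.\2.\3/p')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Print the version of every versioned Uninstall script in a directory
# (default: the path shown in the advisory). Returns 1 if none is found.
srs_installed_versions() {
    dir=${1:-/opt/SUNWsrspx/bin}
    found=1
    for f in "$dir"/Uninstall*; do
        [ -e "$f" ] || continue          # glob matched nothing
        if srs_version_from_name "$f"; then found=0; fi
    done
    return $found
}

# Combine both checks from the Notes: package presence, then version.
srs_report() {
    if ! pkginfo SUNWsrspx >/dev/null 2>&1; then
        echo "SUNWsrspx is not installed"
        return 0
    fi
    if vers=$(srs_installed_versions); then
        echo "SRS Net Connect version(s) installed: $vers"
    else
        echo "SUNWsrspx is installed, but no versioned Uninstall script was found"
    fi
}

# Run the report only where the Solaris pkginfo command is available.
if command -v pkginfo >/dev/null 2>&1; then
    srs_report
fi
```

The Uninstall script in the listing above is readable only by root and its group, but the check needs only the file name, so listing the directory is sufficient.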