Category
Security
Release Phase
Resolved
ProductSun Grid Engine 6
Sun Grid Engine 5.3
Bug Id
6366691
Date of Resolved Release27-MAR-2006
Impact
A security vulnerability in the Sun Grid Engine 5.3/N1 Grid Engine 6.0 rsh(1) binary may allow a local unprivileged user the ability to gain unauthorized root access.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Grid Engine 5.3 (32-bit Solaris) without patch 113136-06
- Sun Grid Engine 5.3 (64-bit Solaris) without patch 113137-06
- Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113849-06
- Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113850-06
- Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) without patch 113139-07
- Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) without patch 113140-07
- Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format without patch 113855-06
- Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format without patch 113856-06
- N1 Grid Engine 6.0 (32-bit Solaris) without patch 121956-01
- N1 Grid Engine 6.0 (64-bit Solaris) without patch 121957-01
- N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format without patch 121960-01
- N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format without patch 121961-01
x86 Platform
- Sun Grid Engine 5.3 without patch 113138-07
- Sun Grid Engine 5.3 NON-Solaris Package format without patch 113851-06
- Sun Grid Engine Enterprise Edition 5.3 without patch 116658-03
- Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format without patch 116659-03
- N1 Grid Engine 6.0 without patch 121958-01
- N1 Grid Engine 6.0 NON-Solaris Package format without patch 121962-01
- N1 Grid Engine 6.0 (x64) without patch 121959-01
- N1 Grid Engine 6.0 (x64) NON-Solaris Package format without patch 121963-01
Linux
- Sun Grid Engine 5.3 without patch 113852-06
- Sun Grid Engine Enterprise Edition 5.3 without patch 113900-05
- Sun Grid Engine Enterprise Edition 5.3 (x64) without patch 117293-02
- N1 Grid Engine 6.0 without patch 121964-01
- N1 Grid Engine 6.0 (x64) without patch 121965-01
Windows
- N1 Grid Engine 6.0 without patch 121971-01
HP-UX
- N1 Grid Engine 6.0 without patch 121969-01
AIX
- N1 Grid Engine 6.0 (for AIX 4.3) without patch 121966-01
- N1 Grid Engine 6.0 (for AIX 5.1) without patch 121967-01
MAC OS
- N1 Grid Engine 6.0 without patch 121968-01
IRIX
- N1 Grid Engine 6.0 (for IRIX 6.5) without patch 121970-01
Symptoms
There are no predictable symptoms that would indicate the above described issues have been exploited.
Workaround
To work around the described issue, configure ssh(1) as transport for "qrsh" and delete "$SGE_ROOT/utilbin/*/rsh".
See: http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Grid Engine 5.3 (32-bit Solaris) with patch 113136-06 or later
- Sun Grid Engine 5.3 (64-bit Solaris) with patch 113137-06 or later
- Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113849-06 or later
- Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113850-06 or later
- Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) with patch 113139-07 or later
- Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) with patch 113140-07 or later
- Sun Grid Engine Enterprise Edition 5.3 (32-bit Solaris) NON-Solaris Package format with patch 113855-06 or later
- Sun Grid Engine Enterprise Edition 5.3 (64-bit Solaris) NON-Solaris Package format with patch 113856-06 or later
- N1 Grid Engine 6.0 (32-bit Solaris) with patch 121956-01 or later
- N1 Grid Engine 6.0 (64-bit Solaris) with patch 121957-01 or later
- N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format with patch 121960-01 or later
- N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format with patch 121961-01 or later
x86 Platform
- Sun Grid Engine 5.3 with patch 113138-07 or later
- Sun Grid Engine 5.3 NON-Solaris Package format with patch 113851-06 or later
- Sun Grid Engine Enterprise Edition 5.3 with patch 116658-03 or later
- Sun Grid Engine Enterprise Edition 5.3 NON-Solaris Package format with patch 116659-03 or later
- N1 Grid Engine 6.0 with patch 121958-01 or later
- N1 Grid Engine 6.0 NON-Solaris Package format with patch 121962-01 or later
- N1 Grid Engine 6.0 (x64) with patch 121959-01 or later
- N1 Grid Engine 6.0 (x64) NON-Solaris Package format with patch 121963-01 or later
Linux
- Sun Grid Engine 5.3 with patch 113852-06 or later
- Sun Grid Engine Enterprise Edition 5.3 with patch 113900-05 or later
- Sun Grid Engine Enterprise Edition 5.3 (x64) with patch 117293-02 or later
- N1 Grid Engine 6.0 with patch 121964-01 or later
- N1 Grid Engine 6.0 (x64) with patch 121965-01 or later
Windows
- N1 Grid Engine 6.0 with patch 121971-01 or later
HP-UX
- N1 Grid Engine 6.0 with patch 121969-01 or later
AIX
- N1 Grid Engine 6.0 (for AIX 4.3)with patch 121966-01 or later
- N1 Grid Engine 6.0 (for AIX 5.1)with patch 121967-01 or later
MAC OS
- N1 Grid Engine 6.0 with patch 121968-01 or later
IRIX
- N1 Grid Engine 6.0 (for IRIX 6.5) with patch 121970-01 or later
Note: Sun provides support for Sun Grid Engine 5.3 on Solaris and Linux platforms only. For other platforms, binaries fixing this issue are provided as a courtesy on an "AS IS" basis at:
References
113138-07
113136-06
113137-06
113852-06
113851-06
113849-06
113850-06
116658-03
113139-07
113139-07
113140-07
113900-05
117293-02
117293-02
116659-03
113855-06
113856-06
121956-01
121957-01
121958-01
121959-01
121960-01
121961-01
121962-01
121963-01
121963-01
121964-01
121965-01
121966-01
121967-01
121968-01
121969-01
121970-01
121971-01
AttachmentsThis solution has no attachment