Note: This is an archival copy of Security Sun Alert 200140 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000102.1.
Article ID : 1000102.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-07
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

On Sun Linux and Cobalt Legacy Products, an Unauthorized Local User May be Able to Gain Root Access Rights Due to an Issue With The ptrace() Function



Category
Security

Release Phase
Resolved

Date of Workaround Release
26-MAR-2003

Date of Resolved Release
29-OCT-2003

1. Impact

Due to an issue with the ptrace() function, an unauthorized local user may be able to gain root access rights on Linux systems, including Sun Linux and Sun Cobalt platforms.

The ptrace() function is a system call used by a parent process to monitor and control the execution of another process. It is also useful in breakpoint debugging and system call tracing.


2. Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 (LX50) with kernel-enterprise-2.4.9-31.i386.rpm

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Sun Cobalt Platform

  • RaQ XTR with kernel-2.2.16C29_V-1.i386.rpm
  • Qube3 with kernel-2.2.16C7-1.i386.rpm
  • RaQ4 with kernel-2.2.14C11-1.i386.rpm
  • RaQ550 with kernel-2.4.16C12_V-1.i386.rpm

3. Symptoms

There are no symptoms that would show the described issue has been exploited to gain unauthorized root access to a system.


4. Workaround

There is no workaround. Please see the "Resolution" section below.


5. Resolution

This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 (LX50) with Sun Linux 5.0.5 (Update 1)

Sun Cobalt Platform


Instructions for downloading the above packages can be found in MyOracleSupport.


Modification History
Date: 21-JUL-2003
  • Updated "Resolution" section for Sun Linux 5.0 (LX50), RaQ XTR, Qube3, RaQ4, and RaQ550.

Date: 29-OCT-2003
  • State: Resolved
  • Updated Contributing Factors and Resolution sections


Product
Sun Linux 5.0

Attachments
This solution has no attachment