Note: This is an archival copy of Security Sun Alert 200168 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000123.1.
Article ID : 1000123.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-03-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

On Solaris 9 a Security Issue with the newtask(1) Command May Lead to Unauthorized Root Access



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System

Bug Id
4798119

Date of Resolved Release
28-MAR-2003

Impact

A local unprivileged user may be able to gain unauthorized root access due to a security issue with the newtask(1) command in Solaris 9.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 114713-01

x86 Platform

  • Solaris 9 without patch 114714-01

Notes: Solaris 2.6 and 7 do not have the newtask(1) command and are therefore not affected by this issue.

Solaris 8 is not affected by this issue.


Symptoms

There are no predictable symptoms that would show the described problem has been exploited to gain root privileges.


Workaround

To work around the described issue, remove the setuid bit from newtask(1):

	# chmod u-s /usr/bin/sparcv7/newtask
	# chmod u-s /usr/bin/sparcv9/newtask
	# chmod u-s /usr/bin/i86/newtask

Note: removing the set-user-ID bit from the "newtask" binary will prevent unprivileged users from using the "newtask" command.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 114713-01 or later

x86 Platform

  • Solaris 9 with patch 114714-01 or later
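
To confirm that either the workaround or the resolution above is in place on a host, the following POSIX shell script is an added example, not part of the original Sun Alert. It assumes `showrev -p` lists patches one per line as `Patch: <id>-<rev> ...`; the function names, the status words and the sample patch listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): classify a Solaris 9 host against this
# advisory. Patch IDs and paths come from the alert; function names are made up.
NEWTASK_PATHS="/usr/bin/sparcv7/newtask /usr/bin/sparcv9/newtask /usr/bin/i86/newtask"

# patch_installed BASE MINREV: read `showrev -p` output on stdin; succeed when
# patch BASE is listed at revision MINREV or later ("114713-01 or later").
patch_installed() {
    while read -r tag id _rest; do
        [ "$tag" = "Patch:" ] || continue
        case $id in
            "$1"-*) [ "${id#*-}" -ge "$2" ] 2>/dev/null && return 0 ;;
        esac
    done
    return 1
}

# setuid_newtask PATH...: print each listed binary that still has the setuid bit.
setuid_newtask() {
    for f in "$@"; do
        if [ -u "$f" ]; then echo "$f"; fi
    done
}

# assess SHOWREV_TEXT PATH...: print PATCHED, MITIGATED or EXPOSED.
assess() {
    patches=$1; shift
    if printf '%s\n' "$patches" | patch_installed 114713 1 ||
       printf '%s\n' "$patches" | patch_installed 114714 1; then
        echo PATCHED      # resolution applied (SPARC or x86 patch present)
    elif [ -z "$(setuid_newtask "$@")" ]; then
        echo MITIGATED    # no listed newtask binary has the setuid bit
    else
        echo EXPOSED      # unpatched and at least one setuid newtask remains
    fi
}

# Constructed sample of `showrev -p` output (999999-01 is a placeholder patch).
SAMPLE='Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample
Patch: 114713-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'

if command -v showrev >/dev/null 2>&1; then
    assess "$(showrev -p)" $NEWTASK_PATHS    # live check; paths split on purpose
else
    assess "$SAMPLE" $NEWTASK_PATHS          # offline demo with the sample
fi
```

MITIGATED is also reported on hosts where none of the listed newtask binaries exist.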


Modification History

References

114713-01
114714-01



