Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6196716
Date of Resolved Release23-AUG-2005
Impact
A security vulnerability in the "/lib/svc/method/net-svc" script may allow a remote privileged user the ability to execute arbitrary code with "root" privileges on a "DHCP" client system if the remote user has access to a system within the network or subnet which is used by the host for "DHCP" requests.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 119593-01
x86 Platform
- Solaris 10 without patch 119594-01
Note: Solaris 8, and Solaris 9 are not impacted by this issue.
Only systems configured as a "DHCP" client are vulnerable to this issue. If a system is configured as a "DHCP" client, the "netstat -D" command will produce output similar to the following:
# netstat -D
Interface State Sent Recv Declined Flags
bge0 BOUND 1 1 0
(Began, Expires, Renew) = (08/15/2005 16:00, 08/15/2005 20:00,
08/15/2005 17:57)
Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
Workaround
To prevent the described issue from occurring until patches can be applied, the following workaround can be used:
1. Use the sys-unconfig(1M)command to unconfigure the system.
2. On the subsequent reboot, configure the system to use a "static IP" address instead of "DHCP".
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 119593-01 or later
x86 Platform
- Solaris 10 with patch 119594-01 or later
References
119593-01
119594-01
AttachmentsThis solution has no attachment