Note: This is an archival copy of Security Sun Alert 200256 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000201.1.
Article ID : 1000201.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-12-14
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the kcms_configure(1) Command May Allow Local Users the Ability to Modify Any File on the System


Release Phase

Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id

Date of Resolved Release


A security vulnerability in the kcms_configure(1) command may allow local unprivileged users the ability to modify any file on the system. This can result in a Denial of Service (DoS) or possibly elevated privileges.

Note: kcms_configure is part of the Kodak Color Management System (KCMS) which configures an X11 window system for use with the KCMS library.

This issue is described in CAN-2004-0481 (see:

Sun acknowledges with thanks, iDEFENSE (, for bringing this issue to our attention.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 107337-04
  • Solaris 8 without patch 111400-03
  • Solaris 9 without patch 114636-03

x86 Platform

  • Solaris 7 without patch 107339-04
  • Solaris 8 without patch 111401-03
  • Solaris 9 without patch 114637-03

Note: Solaris 10 is not affected by this issue.


There are no reliable symptoms that would indicate the described issue has been exploited.


If KCMS is not being used, the setuid(2) permissions on the kcms_configure(1) binary could be removed by running the following command as the root (uid 0) user:

    # chmod u-s /usr/openwin/bin/kcms_configure

The KCMS packages below could also be removed by using the pkgrm(1M) command as root user:

Core KCMS packages:

    application SUNWkcslx   KCMS Runtime Library (64-bit)
application SUNWkcspf   KCMS Optional Profiles
application SUNWkcspg   KCMS Programmers Environment
application SUNWkcspx   KCMS Programmers Environment (64-bit)
system      SUNWkcsrl   KCMS Runtime Library Support
system      SUNWkcsrr   KCMS Runtime Profiles
application SUNWkcsrt   KCMS Runtime Environment
application SUNWkcsrx   KCMS Runtime Environment (64-bit)

Translated KCMS packages:

    ALE         SUNWckcsr   Simplified Chinese (EUC) KCMS Runtime Environment
application SUNWdkcsr   German KCMS Runtime Environment
application SUNWekcsr   Spanish KCMS Runtime Environment
application SUNWfkcsr   French KCMS Runtime Environment
ALE         SUNWhkcsr   Traditional Chinese (EUC) KCMS Runtime Environment
application SUNWikcsr   Italian KCMS Runtime Environment
application SUNWjkcsr   Japanese KCMS Runtime Environment
ALE         SUNWkkcsr   Korean (EUC) KCMS Runtime Environment
application SUNWskcsr   Swedish KCMS Runtime Environment

For example:

    # pkgrm SUNWkcslx SUNWkcspf SUNWkcspg SUNWkcspx SUNWkcsrl SUNWkcsrr \
SUNWkcsrt SUNWkcsrx SUNWckcsr SUNWdkcsr SUNWekcsr SUNWfkcsr SUNWhkcsr \
SUNWikcsr SUNWjkcsr SUNWkkcsr SUNWskcsr


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 107337-04 or later
  • Solaris 8 with patch 111400-03 or later
  • Solaris 9 with patch 114636-03 or later

x86 Platform

  • Solaris 7 with patch 107339-04 or later
  • Solaris 8 with patch 111401-03 or later
  • Solaris 9 with patch 114637-03 or later

Modification History



This solution has no attachment