Note: This is an archival copy of Security Sun Alert 200325 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000241.1.
Article ID : 1000241.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-10-17
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the in.rwhod(1M) Daemon



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4705157

Date of Resolved Release
06-DEC-2004

Impact

A security vulnerability in the in.rwhod(1M) daemon may allow a remote privileged user to execute arbitrary code with "root" privileges when the in.rwhod(1M) daemon is enabled on the system.

Note: in.rwhod(1M) is not enabled by default.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 118239-01
  • Solaris 8 without patch 116984-01
  • Solaris 9 without patch 117455-01

x86 Platform

  • Solaris 7 without patch 118240-01
  • Solaris 8 without patch 116985-01
  • Solaris 9 without patch 117456-01

A system is only vulnerable to this issue if the in.rwhod(1M) daemon is enabled. This can be determined by using the pgrep(1) command, which will only generate output if the daemon is enabled, as in the following example:

    $ pgrep -lf in.rwhod
    17157 /usr/sbin/in.rwhod -m

Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


Workaround

To work around the described issue, in.rwhod(1M) can be disabled by running the following command:

    # pkill in.rwhod

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 118239-01 or later
  • Solaris 8 with patch 116984-01 or later
  • Solaris 9 with patch 117455-01 or later

x86 Platform

  • Solaris 7 with patch 118240-01 or later
  • Solaris 8 with patch 116985-01 or later
  • Solaris 9 with patch 117456-01 or later
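
The checks from Contributing Factors and Resolution can be combined into one script. The following is an added example, not part of the original Sun Alert. It assumes a patch listing in `showrev -p` format (lines beginning "Patch: <id>-<rev>"), `uname -r` values 5.7/5.8/5.9 and `uname -p` values sparc/i386; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample listing are constructed.

# Map `uname -r` / `uname -p` values to the fixing patch ID from this alert.
rwhod_fix_patch() {
    case "$1/$2" in
        5.7/sparc) echo 118239 ;;
        5.8/sparc) echo 116984 ;;
        5.9/sparc) echo 117455 ;;
        5.7/i386)  echo 118240 ;;
        5.8/i386)  echo 116985 ;;
        5.9/i386)  echo 117456 ;;
        *) return 1 ;;   # release/platform not covered by this alert
    esac
}

# Read a `showrev -p` style listing on stdin; succeed if patch $1 is present
# at revision $2 or later (the "or later" wording in Resolution).
patch_at_least() {
    sed -n 's/^Patch: *\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2/p' | (
        while read id rev; do
            [ "$id" = "$1" ] && [ "$rev" -ge "$2" ] && exit 0
        done
        exit 1
    )
}

# Args: release, processor, "yes"/"no" for whether in.rwhod is running.
# Stdin: patch listing. Prints one of: patched, vulnerable,
# unpatched-daemon-off, not-listed.
rwhod_status() {
    fix=`rwhod_fix_patch "$1" "$2"` || { echo not-listed; return 0; }
    if patch_at_least "$fix" 1; then echo patched
    elif [ "$3" = yes ]; then echo vulnerable
    else echo unpatched-daemon-off
    fi
}

# Constructed sample listing (not captured from a real host).
sample_showrev() {
    echo 'Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
    echo 'Patch: 116984-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
}

# On a live host (assumed invocation):
#   showrev -p | rwhod_status "`uname -r`" "`uname -p`" \
#       "`pgrep in.rwhod >/dev/null && echo yes || echo no`"
```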


Modification History

References

118239-01
118240-01
116984-01
116985-01
117455-01
117456-01



