Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6399959

Date of Resolved Release
08-FEB-2007

Impact

A race condition vulnerability in handling recursive directory deletion via the rm(1) command with either the "-r" or "-R" option may lead to deletion of files or directories external to the argument directory hierarchy. An unprivileged user may exploit this vulnerability by creating a specially crafted directory hierarchy which, when deleted by a privileged user using the rm(1) command, may lead to deletion of system files and directories causing a Denial of Service (DoS) condition.

Sun acknowledges with thanks, Jim Meyering <jim@meyering.net>, for bringing this issue to our attention.

Additional information regarding this issue can be found at:

• CVE-2007-0895 at:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0895
  

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• Solaris 8 without patch 124969-01
• Solaris 9 without patch 123372-02
• Solaris 10 without patch 124244-01

x86 Platform

• Solaris 8 without patch 124970-01
• Solaris 9 without patch 123373-02
• Solaris 10 without patch 124245-01

Symptoms

There are no predictable symptoms that would indicate the issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 124969-01 or later
• Solaris 9 with patch 123372-02 or later
• Solaris 10 with patch 124244-01 or later

x86 Platform

• Solaris 8 with patch 124970-01 or later
• Solaris 9 with patch 123373-02 or later
• Solaris 10 with patch 124245-01 or later

Modification History
Date: 15-FEB-2007

• Updated Impact section

References

123372-02
123373-02
124969-01
124970-01
124244-01
124245-01




Attachments

This solution has no attachment