Note: This is an archival copy of Security Sun Alert 200509 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000387.1.
Article ID : 1000387.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-04-14
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Certain Network Services Disruptions or "Spoofs" Could Occur as a Result of Possible Network Port Theft



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
5089150

Date of Resolved Release
18-APR-2005

Impact

Local unprivileged users may be able to start processes on non-privileged network ports. By "stealing" the port, these processes may act as modified or "trojaned" versions of the service that typically runs on that port. This condition could lead to service disruption, a sensitive information leak, or possible compromise of remote systems.

Note: This issue only applies to network services which run on non-privileged ports such as NFS or NIS, and network server systems which allow user logins.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 116965-08
  • Solaris 9 without patch 118305-02

x86 Platform

  • Solaris 8 without patch 116966-08
  • Solaris 9 without patch 117470-01

Note: Solaris 7 and Solaris 10 are unaffected by this issue.


Symptoms

Depending on the "trojan" that has been installed, there may be no obvious symptoms to indicate this issue has occurred. It is possible that services such as NIS may stop working for no apparent reason.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116965-08 or later
  • Solaris 9 with patch 118305-02 or later

x86 Platform

  • Solaris 8 with patch 116966-08 or later
  • Solaris 9 with patch 117470-01 or later


Modification History

References

116965-08
118305-02
116966-08
117470-01




Attachments
This solution has no attachment