Note: This is an archival copy of Security Sun Alert 200553 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000421.1.
Article ID : 1000421.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-06-17
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Buffer Overflow Vulnerability in the dbm_open(ndbm(3C) and dbm(3UCB)) and dbminit(3UCB) Database Functions May Allow Unauthorized Root Privileges

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4661997, 4668699

Date of Resolved Release
19-JUN-2003

Impact

A local unprivileged user may be able to gain unauthorized root privileges due to a buffer overflow vulnerability in the database function routines dbm_open(3C) and dbminit(3UCB). The dbm_open(3C) database function is present in the C library libc(3LIB) and is used in the Solaris privileged program Xsun(1).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.6 without patches 105210-47, 105377-06 and 105401-43
  • Solaris 7 without patches 106541-22, 106942-26 and 106949-03
  • Solaris 8 without patches 108827-24, 108993-16 and 109152-02
  • Solaris 9 without patches 112874-01, 112922-02, 113319-10, 114569-02 and 114571-01

x86 Platform

  • Solaris 2.6 without patches 105211-49 and 105402-43
  • Solaris 7 without patches 106542-22 and 106943-26
  • Solaris 8 without patches 108828-25, 108994-16 and 114617-01
  • Solaris 9 without patches 113719-03, 114570-01 and 114715-01

Symptoms

There are no predictable symptoms that would show the described issue has been exploited to gain unauthorized root access to a system.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patches 105210-47, 105377-06 and 105401-43 or later for each listed patch
  • Solaris 7 with patches 106541-22, 106942-26 and 106949-03 or later for each listed patch
  • Solaris 8 with patches 108827-24, 108993-16 and 109152-02 or later for each listed patch
  • Solaris 9 with patches 112874-01, 112922-02, 113319-10, 114569-02 and 114571-01 or later for each listed patch

x86 Platform

  • Solaris 2.6 with patches 105211-49 and 105402-43 or later for each listed patch
  • Solaris 7 with patches 106542-22 and 106943-26 or later for each listed patch
  • Solaris 8 with patches 108828-25, 108994-16 and 114617-01 or later for each listed patch
  • Solaris 9 with patches 113719-03, 114570-01 and 114715-01 or later for each listed patch


Modification History

References
 105210-47

 105211-49

 105377-06

 105401-43

 105402-43

 106541-22

 106542-22

 106942-26

 106943-26

 106949-03

 108827-24

 108828-25

 108993-16

 108994-16

 109152-02

 114617-01

 112874-01

 112922-02

 113319-10

 114569-02

 114571-01

 113719-03

 114570-01

 114715-01



                                                                                         


Attachments
This solution has no attachment