Note: This is an archival copy of Security Sun Alert 200567 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000433.1.
Article ID : 1000433.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Management Center (SunMC) May Create Directories or Files Writable by Unpriveleged Users

Category
Security

Release Phase
Resolved

Bug Id
4736678, 4732527, 4755912, 4759497, 4733253, 4397035, 4786744, 4795542

Date of Resolved Release
16-JUN-2003

Impact

On Systems with Sun Management Center (SunMC) installed und run by a root user, unprivileged local users may be able to overwrite or create any file.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • SunMC 2.1.1 (for Solaris 2.6) without patch 109699-10
  • SunMC 2.1.1 (for Solaris 7) without patch 109696-11
  • SunMC 2.1.1 (for Solaris 8) without patch 109697-11
  • SunMC 3.0 (for Solaris 2.6) without patch 110936-13
  • SunMC 3.0 (for Solaris 7) without patch 110937-13
  • SunMC 3.0 (for Solaris 8 and Solaris 9) without patch 110938-13
  • SunMC 3.0 Revenue Release (RR) (for Solaris 2.6) without patch 110971-13
  • SunMC 3.0 Revenue Release (RR) (for Solaris 7) without patch 110972-13
  • SunMC 3.0 Revenue Release (RR) (for Solaris 8 and Solaris 9) without patch 110973-13

Note: The installed SunMC version may be determined with the following command: 

    $ pkginfo -l SUNWescom | grep VERSION

Solaris 2.5.1 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.


Symptoms

There are no predictable symptoms that would show the described issue has occurred.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • SunMC 2.1.1 (for Solaris 2.6) with patch 109699-10 or later
  • SunMC 2.1.1 (for Solaris 7) with patch 109696-11 or later
  • SunMC 2.1.1 (for Solaris 8) with patch 109697-11 or later
  • SunMC 3.0 (for Solaris 2.6) with patch 110936-13 or later
  • SunMC 3.0 (for Solaris 7) with patch 110937-13 or later
  • SunMC 3.0 (for Solaris 8 and Solaris 9) with patch 110938-13 or later
  • SunMC 3.0 Revenue Release (RR) (for Solaris 2.6) with patch 110971-13 or later
  • SunMC 3.0 Revenue Release (RR) (for Solaris 7) with patch 110972-13 or later
  • SunMC 3.0 Revenue Release (RR) (for Solaris 8 and Solaris 9) with patch 110973-13 or later


Product
Sun Management Center 3.0 (Localized)

References

109696-11
109697-11
109699-10
110936-13
110937-13
110938-13
110971-13
110972-13
110973-13




Attachments
This solution has no attachment