Category
Security
Release Phase
Resolved
Product
Solaris 10 Operating System
Bug Id
6605707
Date of Resolved Release
11-JAN-2008
A security vulnerability in the libdevinfo(3LIB) library, which is used by the login(1) command, may allow a local unprivileged user to gain unauthorized access to files on the system, possibly including system files. (see below for full details)
Impact
A security vulnerability in the libdevinfo(3LIB) library, which is used by the login(1) command, may allow a local unprivileged user to gain unauthorized access to files on the system, possibly including system files. This vulnerability could therefore be used to gain elevated privileges on the system.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 with patch 118833-04 or later and without patch 125251-02
x86 Platform
- Solaris 10 with patch 118855-03 or later and without patch 125252-02
Note: The Solaris 8 and Solaris 9 operating systems are not affected by this issue.
Symptoms
There are no reliable symptoms that would indicate the described issue has been exploited.
Workaround
To work around this issue, edit "/etc/logindevperm" and replace every "dev" entry in the third column with "^dev$", as in the following example:
/dev/console 0600 /^dev$/mouse:/^dev$/kbd
/dev/console 0600 /^dev$/sound/* # audio devices
[...]
This change has no negative impact.
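The workaround above as a repeatable edit plus a check for entries that still need it. This is an added example, not part of the original Sun Alert; the function names, the `AWK` variable and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the advisory's /etc/logindevperm workaround to a copy.
# Assumption: column-3 entries start with "/dev/", as in the advisory's example.
# On Solaris 10 set AWK=nawk; the legacy /usr/bin/awk lacks sub() and match().
AWK=${AWK:-awk}

# Constructed sample input in /etc/logindevperm layout (not from a real host).
sample_logindevperm() {
    cat <<'EOF'
# console-device mode device-list
/dev/console 0600 /dev/mouse:/dev/kbd
/dev/console 0600 /dev/sound/* # audio devices
/dev/console 0600 /^dev$/fb
EOF
}

# Rewrite stdin to stdout; only column 3 changes, spacing and comments stay.
harden_logindevperm() {
    "$AWK" '
    /^[ \t]*#/ || NF < 3 { print; next }    # comments, blank or short lines
    {
        rest = $0; head = ""
        for (i = 1; i <= 2; i++) {           # copy columns 1 and 2 verbatim
            match(rest, /^[ \t]*[^ \t]+/)
            head = head substr(rest, 1, RLENGTH)
            rest = substr(rest, RLENGTH + 1)
        }
        match(rest, /^[ \t]+/)               # separator before column 3
        head = head substr(rest, 1, RLENGTH)
        rest = substr(rest, RLENGTH + 1)
        match(rest, /^[^ \t]+/)              # column 3: colon-separated list
        n = split(substr(rest, 1, RLENGTH), dev, ":")
        tail = substr(rest, RLENGTH + 1)
        out = ""
        for (i = 1; i <= n; i++) {
            sub(/^\/dev\//, "/^dev$/", dev[i])   # no-op once anchored
            out = out (i > 1 ? ":" : "") dev[i]
        }
        print head out tail
    }'
}

# Print how many lines still carry an unanchored "/dev/" entry in column 3.
unhardened_lines() {
    "$AWK" '!/^[ \t]*#/ && NF >= 3 && (":" $3) ~ /:\/dev\// { n++ }
            END { print n + 0 }'
}

sample_logindevperm | harden_logindevperm
```

Run `harden_logindevperm` against a copy of the file and review the diff before installing the result; `unhardened_lines < /etc/logindevperm` reports 0 once every entry is anchored.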
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 125251-02 or later
x86 Platform
- Solaris 10 with patch 125252-02 or later
For more information on Security Sun Alerts, see 1009886.1.
References
125251-02
125252-02