Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4677620
Date of Resolved Release14-OCT-2003
Impact
A Solaris security vulnerability involving the sysinfo(2) system call may allow a local unprivileged user the ability to read portions of kernel memory, which may contain sensitive data.
Note: The vulnerability does not allow an unprivileged user the ability to write to kernel memory.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 2.6 without patch 105181-35
-
Solaris 7 without patch 106541-27
-
Solaris 8 without patch 108528-24
-
Solaris 9 without patch 112233-01
x86 Platform
-
Solaris 2.6 without patch 105182-35
-
Solaris 7 without patch 106542-27
-
Solaris 8 without patch 108529-24
Notes: Solaris 9 for the x86 Platform is not affected.
Symptoms
There are no predictable symptoms that would show the described issue has been exploited.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 2.6 with patch 105181-35 or later
-
Solaris 7 with patch 106541-27 or later
-
Solaris 8 with patch 108528-24 or later
-
Solaris 9 with patch 112233-01 or later
x86 Platform
-
Solaris 2.6 with patch 105182-35 or later
-
Solaris 7 with patch 106542-27 or later
-
Solaris 8 with patch 108529-24 or later
Modification History
References
105181-35
106541-27
108528-24
112233-01
105182-35
106542-27
108529-24
AttachmentsThis solution has no attachment