Note: This is an archival copy of Security Sun Alert 200867 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000657.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 10 Operating System Bug Id 6472377 Date of Workaround Release 08-JUN-2007 Date of Resolved Release 27-JUN-2007 Impact Due to a security vulnerability in the way the scp(1) command executes helper applications, certain additional unintended commands may be executed at the same time. This may allow a local unprivileged user (or a remote user in the case of shared filesystems) who is able to create files on the system, to execute arbitrary commands with the privileges of a local user, if those files are acted upon by the local user using the scp(1) command. This issue is also referenced in the following document: CVE-2006-0225 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Solaris 8 does not include the scp(1) command and is therefore not impacted by this issue. Symptoms There are no predictable symptoms that would indicate that this issue has been exploited to execute arbitrary commands. Workaround This issue will only occur if the scp(1) command is executed on files that have specially crafted filenames. Therefore, it may be possible to work around this issue by avoiding the use of the scp(1) command on untrusted filenames, for example, on directories that are writable by untrusted users. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 21-JUN-2007
Date: 27-JUN-2007
References123324-03123325-03 114356-12 114357-11 Attachments This solution has no attachment |
|