|
Note: This is an archival copy of Security Sun Alert 200925 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000707.1. |
Category Security Release Phase Resolved Sun Management Center 3.5 Update 1 Bug Id 5102677 Date of Resolved Release 15-JUL-2005 Impact Unprivileged local or remote users may be able to execute arbitrary code on Solaris systems which have installed and enabled the Sun Management Center (SunMC) server software. The SunMC server software typically runs as the unprivileged uid "smcorau" and uses the Oracle listener, and is thus affected by the multiple Oracle vulnerabilities described in Oracle Security Alert #68 at http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf. These issues are also described in CERT Technical Cyber Security Alert TA04-245A at http://www.us-cert.gov/cas/techalerts/TA04-245A.html. Contributing Factors This issue can occur in the following releases: SPARC Platform
Notes:
To determine if SunMC is installed on a Solaris system (and what version), the following command can be run: # pkginfo -l SUNWescom PKGINST: SUNWescom NAME: Sun Management Center Common Components CATEGORY: system,SyMON ARCH: sparc VERSION: 3.5,REV=2.9.2004.05.04 BASEDIR: /opt VENDOR: Sun Microsystems, Inc. DESC: This package provides the common components among all SES installations PSTAMP: lapena20050402224254 INSTDATE: Jun 30 2005 01:56 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 70 installed pathnames 9 shared pathnames 10 directories 53 executables 7857 blocks used (approx) If instead, the following error message is returned: ERROR: information for "SUNWescom" was not found then the SUNWescom package and SunMC are not installed. To determine if SunMC is running on a Solaris system, the following command can be run: # ps -aef | grep SUNWsymon | grep -v grep root 11033 1 0 19:36:57 ? 0:09 esd - init trap -dir /var/opt/SUNWsymon -q root 11960 1 0 19:37:00 ? 0:37 esd - init topology -dir /var/opt/SUNWsymon -q root 11676 1 1 19:36:58 ? 19:54 esd - init agent -dir /var/opt/SUNWsymon -q root 11037 1 0 19:36:57 ? 0:05 esd - init event -dir /var/opt/SUNWsymon -q root 11035 1 0 19:36:57 ? 0:12 esd - init cfgserver -dir /var/opt/SUNWsymon -q root 10698 1 0 19:36:45 pts/5 2:28 /usr/j2se/bin/java -DINTERFACE_PATH=/var/opt/SUNWsymon/cfg:/opt/SUNWsymon/base/ smcorau 10655 1 0 19:36:36 ? 0:00 /opt/SUNWsymon/oracle/product/8.1.7/bin/tnslsnr smcdblistener -inherit root 17710 1 0 19:37:32 ? 0:37 esd - init metadata -dir /var/opt/SUNWsymon -q (As in the example above, if the output contains more than one process, then SunMC is configured and running). Symptoms There are no reliable symptoms that would indicate the described issues have been exploited. Workaround There is no workaround for these issues. Please see the Resolution section below. Resolution These issues are addressed in the following releases: SPARC Platform
Note: Oracle recommends that the latest Critical Patch Update (CPU) from Oracle is always present and kept up to date on the system when running any Oracle application. The latest CPU will address all known & fixed security vulnerabilities in Oracle code. Modification History Date: 22-SEP-2005 22-Sep-2005:
References118828-04118829-04 Attachments This solution has no attachment | |||||||||||||||
|
|