Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 8 Operating System
Bug Id
4947668
Date of Resolved Release
13-MAY-2004
Impact
The Solaris Management Console (smc(1M)) Server may allow a remote unprivileged user to learn about a system's directory structure and the presence/location of files therein. However, it does not allow one to see the contents of the files.
Sun acknowledges, with thanks, Jon Hart for identifying and reporting this issue.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 111313-02
- Solaris 9 without patch 116807-01
x86 Platform
- Solaris 8 without patch 111314-02
- Solaris 9 without patch 116808-01
Note 1: Solaris 7 is not affected by this issue.
Note 2: The described issue only occurs if the Solaris Management Console (smc(1M)) Server is running on the system. This can be determined by running the following command as the "root" user:
# /etc/init.d/init.wbem status
Solaris Management Console server not running on port 898
# /etc/init.d/init.wbem status
Solaris Management Console server version 2.1.0 running on port 898
Symptoms
There are no user-visible symptoms that indicate whether the vulnerability is being exploited.
Workaround
To work around this issue until patches can be applied, sites may disable the Solaris Management Console (smc(1M)) Server by running the following commands as the root user:
To stop the running of the smc(1M) server:
# /etc/init.d/init.wbem stop
To prevent the smc(1M) server from starting upon successive reboots:
# mv /etc/rc2.d/S90wbem /etc/rc2.d/disabled-S90wbem
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 111313-02 or later
- Solaris 9 with patch 116807-01 or later
x86 Platform
- Solaris 8 with patch 111314-02 or later
- Solaris 9 with patch 116808-01 or later
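The patch lists and the init.wbem status check above can be combined into one host assessment. The script below is an added example, not part of the Sun advisory. It assumes `showrev -p` output lines of the form `Patch: <id> ...` and `uname -r` / `uname -p` values of 5.8 or 5.9 and sparc or i386. The function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Minimum fixed patch per release/architecture, taken from the advisory's lists.
required_patch() {            # args: `uname -r` value, `uname -p` value
    case "$1/$2" in
        5.8/sparc) echo 111313-02 ;;
        5.9/sparc) echo 116807-01 ;;
        5.8/i386)  echo 111314-02 ;;
        5.9/i386)  echo 116808-01 ;;
        *) return 1 ;;        # release not listed (Solaris 7 is not affected)
    esac
}

# Reads `showrev -p` style output on stdin; succeeds if the same patch base is
# installed at the required revision or later. Patches that merely obsolete the
# required one are not followed here.
patch_satisfied() {           # arg: required patch ID, e.g. 111313-02
    awk -v req="$1" '
        BEGIN { split(req, r, "-") }
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == r[1] && p[2] + 0 >= r[2] + 0) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Interprets one line of `/etc/init.d/init.wbem status` output.
smc_running() {
    case "$1" in
        *"not running"*)     return 1 ;;
        *"running on port"*) return 0 ;;
        *)                   return 1 ;;   # unrecognised output: treat as stopped
    esac
}

# args: release, architecture, status line; showrev output on stdin.
assess() {
    req=$(required_patch "$1" "$2") || { echo not-listed; return 0; }
    if patch_satisfied "$req"; then echo patched
    elif smc_running "$3"; then echo exposed
    else echo unpatched-server-stopped
    fi
}

# Constructed sample data (not captured from a real host).
SAMPLE_SHOWREV='Patch: 111313-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 116807-03 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
STATUS_UP='Solaris Management Console server version 2.1.0 running on port 898'
STATUS_DOWN='Solaris Management Console server not running on port 898'

printf '%s\n' "$SAMPLE_SHOWREV" | assess 5.8 sparc "$STATUS_UP"    # prints: exposed
```

On a real host the inputs would come from `showrev -p`, `uname -r`, `uname -p` and `/etc/init.d/init.wbem status` run as root.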
References
116807-01
116808-01
111313-02
111314-02