Note: This is an archival copy of Security Sun Alert 200999 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000752.1.

Category: Security
Release Phase: Resolved
6179483
Date of Resolved Release: 26-OCT-2004

Impact

Unprivileged local users may be able to overwrite arbitrary files on a system due to a security vulnerability in the utempter(8) utility.

Note: utempter(8) is a privileged helper program that writes utmp/wtmp entries for unprivileged programs.

This issue is described in the following documents:

Contributing Factors

This issue can occur in the following releases:

Linux

Note: JDS for Solaris is not impacted by this issue.

This issue only occurs with utempter versions utempter-0.5.2-342 or earlier.

To determine the release of JDS for Linux installed on a system, the following command can be run:

    % cat /etc/sun-release
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of utempter, the following command can be run:

    % rpm -qf /usr/sbin/utempter
    utempter-0.5.2-342

Symptoms

There are no predictable symptoms that would show the described issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Linux

To download and install the updated RPMs from the update servers, select the following from the launch bar:

    Launch >> Applications >> System Tools >> Online Update

For additional information on obtaining updates see:

Modification History

Product

Sun Java Desktop System Release 2
Sun Java Desktop System 2003

Attachments

This solution has no attachment
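
The version check from "Contributing Factors", as an added example that is not part of the original Sun Alert: it classifies a package string, as printed by rpm -qf /usr/sbin/utempter, against the advisory's utempter-0.5.2-342 threshold. The function names and sample strings are assumptions, and the comparison handles numeric version and release fields only, which is simpler than RPM's own ordering.

```shell
#!/bin/sh
# Added example (not from the Sun Alert). Function names are hypothetical.
THRESHOLD="0.5.2-342"   # last affected version-release, per the advisory

# Extract "version-release" from "utempter-<version>-<release>"; prints
# nothing when the string does not look like a utempter package name.
utempter_vr() {
    printf '%s\n' "$1" |
        sed -n 's/^utempter-\([0-9][0-9.]*-[0-9][0-9.]*\)$/\1/p'
}

# Succeed when $1 <= $2. Assumption: numeric dot-separated fields only,
# compared version first and release second (simpler than RPM's ordering).
vr_le() {
    awk -v a="$1" -v b="$2" '
    function cmp(s, t,    x, y, ns, nt, n, i) {
        ns = split(s, x, "[.]"); nt = split(t, y, "[.]")
        n = (ns > nt) ? ns : nt
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) return -1
            if (x[i] + 0 > y[i] + 0) return 1
        }
        return 0
    }
    BEGIN {
        split(a, A, "-"); split(b, B, "-")
        c = cmp(A[1], B[1])
        if (c == 0) c = cmp(A[2], B[2])
        exit (c > 0)
    }'
}

# Print affected / not-affected / unknown for one package string.
classify_utempter() {
    vr=$(utempter_vr "$1")
    if [ -z "$vr" ]; then
        echo "unknown"
    elif vr_le "$vr" "$THRESHOLD"; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed sample strings; on a real system pass "$(rpm -qf /usr/sbin/utempter)".
for pkg in utempter-0.5.2-342 utempter-0.5.2-100 utempter-0.5.2-343 "not a package"; do
    printf '%s -> %s\n' "$pkg" "$(classify_utempter "$pkg")"
done
```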