Note: This is an archival copy of Security Sun Alert 201112 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000832.1.
Article ID : 1000832.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-23
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability May Allow An Unprivileged Local User to Gain Root Access or Panic the OS

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System

Bug Id
6293270

Date of Resolved Release
11-JAN-2006

Impact

On Solaris 10 x86 systems, or on Solaris 9 x86 systems with patch 112234-11 or 112234-12 or patch 117172-16 (or later) installed, a local unprivileged user may have the ability to gain root access or panic the Solaris operating system.


Contributing Factors

The issue can occur in the following releases:

x86 Platform

  • Solaris 9 with patch 112234-11, 112234-12 or 117172-16 or later and without patch 118559-19
  • Solaris 10 without patch 118844-24

Note: Solaris 8 is not affected by this issue. Solaris on the SPARC platform is not affected by this issue.


Symptoms

There are no predictable symptoms that would indicate this issue has been exploited to gain root access. The unprivileged user may cause Solaris to panic (with a corresponding stack trace that includes functions from the mm(5) driver).


Workaround

There is no workaround to this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

x86 Platform

  • Solaris 9 with patch 118559-19 or later
  • Solaris 10 with patch 118844-24 or later


References

118559-19
118844-24




Attachments
This solution has no attachment