Note: This is an archival copy of Security Sun Alert 201115 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000835.1.
Article ID : 1000835.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-12
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Java Studio Enterprise 8 May Create World-Writable Files When Installed by Root



Category
Security

Release Phase
Resolved

Product
Sun Java Studio Enterprise 8

Bug Id
6309618

Date of Resolved Release
13-APR-2006

Impact

A security vulnerability in Sun Java Studio Enterprise 8 may allow a local unprivileged user to execute arbitrary commands as a user who runs Sun Java Studio. The cause is that certain files are created with world-writable permissions when the product is installed by root.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) without patch 121045-04

x86 Platform

  • Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) without patch 121045-04

Symptoms

If the described issue occurs, certain files in the install directory will be world-writable when the product is installed by root.


Workaround

No file under the install directory should be world-writable.

To work around the described issue, the following command can be used to manually remove the write permission for others:

    $ find <jstudio_ent8> -perm -o+w -exec chmod o-w {} \;

Note: <jstudio_ent8> is the installation root directory.
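
The workaround above as an audit, fix and verify sequence. This is an added example and not part of the original Sun Alert. The function names and the sample tree built by `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): audit, fix, then verify.

# List world-writable files and directories under $1. -perm -0002 is the
# octal form of the advisory's "-perm -o+w". Symlinks are skipped because
# chmod acts on the link target, which may lie outside the tree.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of entries found (assumes no newlines in file names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Report, remove write permission for others, re-check.
# Returns 0 only if nothing world-writable remains, 2 on a bad argument.
fix_world_writable() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    echo "before: $(count_world_writable "$dir") world-writable entries"
    list_world_writable "$dir" | sed 's/^/  /'
    find "$dir" ! -type l -perm -0002 -exec chmod o-w {} \;
    after=$(count_world_writable "$dir")
    echo "after:  $after world-writable entries"
    [ "$after" -eq 0 ]
}

# Constructed sample tree standing in for an install root.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/bin" "$root/config"
    touch "$root/bin/launcher.sh" "$root/config/ide.conf"
    chmod 0755 "$root" "$root/bin" "$root/bin/launcher.sh"
    chmod 0777 "$root/config"
    chmod 0666 "$root/config/ide.conf"
    fix_world_writable "$root"
    rc=$?
    rm -rf "$root"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The list printed before the change records which files were writable by others, so they can be checked for modification before the product is run again.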


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) with patch 121045-04 or later

x86 Platform

  • Sun Java Studio Enterprise 8 (for Solaris 9 and Solaris 10) with patch 121045-04 or later


References

121045-04



