Note: This is an archival copy of Security Sun Alert 201148 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000867.1.
Article ID : 1000867.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability May Allow 'sh' Process to be Crashed Causing a Denial of Service



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6277636

Date of Resolved Release
11-APR-2006

Impact

A security vulnerability in the Bourne shell may allow an unprivileged local user to cause sh(1) processes to crash while creating temporary files. This can lead to a Denial of Service (DoS) for scripts or for users (such as 'root') that use sh(1).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 109324-09
  • Solaris 9 without patch 118535-03
  • Solaris 10 without patch 121004-01

x86 Platform

  • Solaris 8 without patch 109325-09
  • Solaris 9 without patch 118536-03
  • Solaris 10 without patch 121005-01

Symptoms

There are no predictable symptoms that would indicate this issue has been exploited to cause a shell to crash.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 109324-09 or later
  • Solaris 9 with patch 118535-03 or later
  • Solaris 10 with patch 121004-01 or later

x86 Platform

  • Solaris 8 with patch 109325-09 or later
  • Solaris 9 with patch 118536-03 or later
  • Solaris 10 with patch 121005-01 or later
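
A host can be checked against the patch levels listed above with a short script. This is an added example, not part of the original Sun Alert: the function names and the sample `showrev -p` text are constructed for illustration, and treating a listed patch as satisfied when an installed patch obsoletes it at the required revision or later is an assumption of this example.

```shell
#!/bin/sh
# Minimum patch for an OS release (uname -r) and processor (uname -p); values from the alert.
required_patch() {
    case "$1/$2" in
        5.8/sparc)  echo 109324-09 ;;
        5.9/sparc)  echo 118535-03 ;;
        5.10/sparc) echo 121004-01 ;;
        5.8/i386)   echo 109325-09 ;;
        5.9/i386)   echo 118536-03 ;;
        5.10/i386)  echo 121005-01 ;;
        *) return 1 ;;
    esac
}

# Reads `showrev -p` text on stdin. Succeeds if patch $1 (ID-REV) is installed at that
# revision or later, or is obsoleted by an installed patch at that revision or later.
patch_satisfied() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); ok = 0 }
        $1 == "Patch:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "Requires:") break      # prerequisites are not proof of install
                p = $i; sub(/,$/, "", p)
                if (split(p, f, "-") == 2 && f[1] == w[1] && f[2] + 0 >= w[2] + 0) ok = 1
            }
        }
        END { exit !ok }
    '
}

# Prints the status for release $1, processor $2, given showrev text in $3.
check_host() {
    need=$(required_patch "$1" "$2") || { echo "not listed in alert"; return 2; }
    if printf '%s\n' "$3" | patch_satisfied "$need"; then
        echo "patched ($need or later)"
    else
        echo "VULNERABLE: missing $need"
    fi
}

# Constructed sample of `showrev -p` output (not from a real host; 999999/888888 are placeholders).
SAMPLE='Patch: 109324-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 118535-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 999999-02 Obsoletes: 121004-01, 888888-01 Requires: 109324-09 Incompatibles:  Packages: SUNWcsu'
check_host 5.8 sparc "$SAMPLE"
# On a real host: check_host "$(uname -r)" "$(uname -p)" "$(showrev -p)"
```
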


References

121004-01
121005-01
109324-09
109325-09
118535-03
118536-03
