Note: This is an archival copy of Security Sun Alert 201152 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000871.1.
Article ID : 1000871.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-11-22
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in the traceroute(1M) Utility may Allow Elevated Privileges


Release Phase

Solaris 10 Operating System

Bug Id
6290623, 6290611

Date of Resolved Release


Multiple security vulnerabilities in the traceroute(1M) utility may allow an unauthorized local user to execute arbitrary code with elevated privileges. Because the traceroute(1M) utility in Solaris 10 is privilege-aware, the only additional privilege available is PRIV_NET_RAWACCESS (see privileges(5)). This limits the impact to access to the network layer.

These issues are described in the following document:

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 121012-01

x86 Platform

  • Solaris 10 without patch 121013-01

Note: Solaris 8 and Solaris 9 are not affected by this issue.


There are no reliable symptoms that would indicate the described issue has been exploited.


To work around the described issue, the "set user ID bit" (suid) may be removed from the traceroute(1M) binary (or the binary may be removed altogether), which will render it unusable to non-root users.

To remove the suid bit, run the following command as the root user:

    # chmod u-s /usr/sbin/traceroute



This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 121012-01 or later

x86 Platform

  • Solaris 10 with patch 121013-01 or later
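
The following script is an added example, not part of the original Sun Alert: it classifies a host as patched, mitigated (suid bit removed or binary absent) or exposed, using the patch IDs and binary path given above. The function names, the verdict strings and the sample `showrev -p` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. Assumes a POSIX shell
# (on Solaris 10: /usr/xpg4/bin/sh or ksh, not the legacy /bin/sh).

# patch_for_arch ARCH: patch base ID from the advisory for `uname -p` output.
patch_for_arch() {
    case "$1" in
        sparc) echo 121012 ;;
        i386)  echo 121013 ;;
        *)     return 1 ;;
    esac
}

# patch_at_least BASE MINREV: reads `showrev -p` output on stdin and succeeds
# if patch BASE is installed at revision MINREV or later.
patch_at_least() {
    found=1
    while read -r tag id _rest; do
        if [ "$tag" = "Patch:" ] && [ "${id%-*}" = "$1" ] &&
           [ "${id##*-}" -ge "$2" ]; then
            found=0
        fi
    done
    return "$found"
}

# has_suid FILE: succeeds if FILE is a regular file with the set-user-ID bit.
has_suid() { [ -f "$1" ] && [ -u "$1" ]; }

# assess BIN BASE MINREV: `showrev -p` output on stdin; prints one verdict.
assess() {
    if patch_at_least "$2" "$3"; then echo "patched"
    elif has_suid "$1"; then echo "exposed"
    else echo "mitigated"   # suid bit removed, or binary removed altogether
    fi
}

# Constructed `showrev -p` lines (patch 999999 and the package name are made up).
SAMPLE_OLD='Patch: 999999-03 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
SAMPLE_NEW="$SAMPLE_OLD
Patch: 121012-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg"

# Demo on the constructed input. On a real host, pipe `showrev -p` in instead
# and pass "$(patch_for_arch "$(uname -p)")" as the patch base.
printf '%s\n' "$SAMPLE_NEW" | assess /usr/sbin/traceroute "$(patch_for_arch sparc)" 1
```
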


