Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4799173
Date of Resolved Release14-APR-2005
Impact
A local unprivileged user may be able to load their own Generic Security Service Application Program Interface (GSS-API) when a privileged GSS-API application is installed which utilizes the libgss(3LIB) library.
Note: Sun does not ship any privileged applications which link to the libgss(3LIB) library and thus no Sun applications are affected by this issue.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 7 without patch 107293-02
-
Solaris 8 without patch 109223-06
-
Solaris 9 without patch 112907-04
x86 Platform
-
Solaris 7 without patch 107294-02
-
Solaris 8 without patch 109224-06
-
Solaris 9 without patch 114263-02
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 7 with patch 107293-02 or later
-
Solaris 8 with patch 109223-06 or later
-
Solaris 9 with patch 112907-04 or later
x86 Platform
-
Solaris 7 with patch 107294-02 or later
-
Solaris 8 with patch 109224-06 or later
-
Solaris 9 with patch 114263-02 or later
Modification History
References
109223-06
112907-04
109224-06
114263-02
107293-02
107294-02
AttachmentsThis solution has no attachment