Note: This is an archival copy of Security Sun Alert 201166 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000880.1.
Article ID : 1000880.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-01-18
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Generic Security Services Library libgss(3LIB)



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4799173

Date of Resolved Release
14-APR-2005

Impact

A local unprivileged user may be able to load their own Generic Security Service Application Program Interface (GSS-API) when a privileged GSS-API application that uses the libgss(3LIB) library is installed.

Note: Sun does not ship any privileged applications which link to the libgss(3LIB) library and thus no Sun applications are affected by this issue.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 107293-02
  • Solaris 8 without patch 109223-06
  • Solaris 9 without patch 112907-04

x86 Platform

  • Solaris 7 without patch 107294-02
  • Solaris 8 without patch 109224-06
  • Solaris 9 without patch 114263-02

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 107293-02 or later
  • Solaris 8 with patch 109223-06 or later
  • Solaris 9 with patch 112907-04 or later

x86 Platform

  • Solaris 7 with patch 107294-02 or later
  • Solaris 8 with patch 109224-06 or later
  • Solaris 9 with patch 114263-02 or later
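
One way to check a host against the patch levels listed above, as an added example that is not part of the original Sun Alert: it reads `showrev -p` output and compares the installed revision with the minimum for the release and platform. The function names and sample lines are constructed for illustration, and treating a patch that obsoletes the required revision as carrying the fix is an assumption.

```sh
# Added example (not from the Sun Alert): patch-level check for Bug Id 4799173.
# Minimum patch for an OS release (`uname -r`) and processor type (`uname -p`).
required_patch() {
    case "$1/$2" in
        5.7/sparc) echo 107293-02 ;;
        5.8/sparc) echo 109223-06 ;;
        5.9/sparc) echo 112907-04 ;;
        5.7/i386)  echo 107294-02 ;;
        5.8/i386)  echo 109224-06 ;;
        5.9/i386)  echo 114263-02 ;;
        *) return 1 ;;
    esac
}

# Reads `showrev -p` lines on stdin; prints PATCHED, UNPATCHED or NOT_APPLICABLE.
# Assumption: an Obsoletes: entry for the required patch at the required
# revision or later means the obsoleting patch carries the fix.
libgss_patch_status() {
    req=`required_patch "$1" "$2"` || { echo NOT_APPLICABLE; return 0; }
    id=`echo "$req" | cut -d- -f1`
    min=`echo "$req" | cut -d- -f2`
    status=UNPATCHED
    while read line; do
        counted=no
        for word in $line; do
            case "$word" in
                Patch:|Obsoletes:) counted=yes; continue ;;
                *:) counted=no; continue ;;   # Requires:, Incompatibles:, Packages:
            esac
            [ "$counted" = yes ] || continue
            word=`echo "$word" | tr -d ,`
            case "$word" in
                "$id"-[0-9][0-9])
                    rev=`echo "$word" | cut -d- -f2`
                    if [ "$rev" -ge "$min" ]; then status=PATCHED; fi ;;
            esac
        done
    done
    echo "$status"
}

# Constructed sample (not from a real host): the libgss patch is present but too old.
sample_showrev() {
    echo 'Patch: 109223-04 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
    echo 'Patch: 999999-01 Obsoletes: 999998-03 Requires: 109223-06 Incompatibles:  Packages: EXAMPLEpkg'
}
# On a live host: showrev -p | libgss_patch_status `uname -r` `uname -p`
sample_showrev | libgss_patch_status 5.8 sparc
```

A patch ID that appears only in another patch's Requires: field is not counted, since that field does not show the patch is installed.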


References

109223-06
112907-04
109224-06
114263-02
107293-02
107294-02



