|
Note: This is an archival copy of Security Sun Alert 201196 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000898.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 2.6 Operating System Solaris 7 Operating System Solaris 8 Operating System Bug Id 4774256 Date of Workaround Release 23-JAN-2003 Date of Resolved Release 24-FEB-2004 Impact A local or remote unprivileged user may be able to view root privileged files due to a security vulnerability involving the Solaris kcms_server(1) daemon. The Solaris kcms_server(1) daemon is part of the Kodak Color Management System (KCMS), an API and libraries to create and manage profiles that can describe and control the color performance of digital color images on desktop computers and associated peripherals. The kcms_server(1) daemon is enabled by default in the inetd.conf(4) file. This issue is described in the CERT Vulnerability VU#850785 (see http://www.kb.cert.org/vuls/id/850785) and the Entercept Security Alert at: http://www.entercept.com/news/uspr/01-22-03.asp. Sun acknowledges with thanks, Sinan Eren of the Entercept Ricochet Team, for bringing this issue to our attention.
Contributing Factors This issue can occur in the following releases: SPARC
Intel
Symptoms There are no reliable symptoms that would show the described issue has been exploited to gain access to view root privileged files.
Workaround The following workarounds can be implemented as the root user to prevent an exploit for this issue from succeeding: 1. Disable the kcms_server(1) daemon on all systems. a) Edit the "/etc/inetd.conf" file and comment out the following line by prepending the '#' symbol as follows. # 100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server b) Instruct the inetd(1M) process to reread the newly modified "/etc/inetd.conf" file by sending it a hangup signal, SIGHUP: $ ps -ef | grep inetd $ kill -HUP <pid of inetd from above ps output> 2. Remove the KCMS related packages using pkgrm(1) as the root user. The following are the KCMS packages: Core KCMS packages: application SUNWkcslx KCMS Runtime Library (64-bit) application SUNWkcspf KCMS Optional Profiles application SUNWkcspg KCMS Programmers Environment application SUNWkcspx KCMS Programmers Environment (64-bit) system SUNWkcsrl KCMS Runtime Library Support system SUNWkcsrr KCMS Runtime Profiles application SUNWkcsrt KCMS Runtime Environment application SUNWkcsrx KCMS Runtime Environment (64-bit) Translated KCMS packages: ALE SUNWckcsr Simplified Chinese (EUC) KCMS Runtime Environment application SUNWdkcsr German KCMS Runtime Environment application SUNWekcsr Spanish KCMS Runtime Environment application SUNWfkcsr French KCMS Runtime Environment ALE SUNWhkcsr Traditional Chinese (EUC) KCMS Runtime Environment application SUNWikcsr Italian KCMS Runtime Environment application SUNWjkcsr Japanese KCMS Runtime Environment ALE SUNWkkcsr Korean (EUC) KCMS Runtime Environment application SUNWskcsr Swedish KCMS Runtime Environment Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
A final resolution is pending completion for Solaris 8 x86.
Modification History Date: 08-AUG-2003
Date: 10-FEB-2004
Date: 24-FEB-2004
References107336-02107337-03 111400-02 114636-01 107338-02 107339-03 114637-01 111401-02 Attachments This solution has no attachment | |||||||||||||||
|
|