Note: This is an archival copy of Security Sun Alert 201197 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000899.1.
Article ID : 1000899.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-01-21
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4503182

Date of Resolved Release
03-FEB-2004

Impact

Solaris systems with Basic Security Module (BSM) enabled which have been security hardened may have had the SUNWscpu package removed. If this is the case, the BSM audit_warn(1M) script will not e-mail any errors or warning messages generated by the audit daemon (auditd(1M)).

The SUNWCscp cluster provides source compatibility support for Solaris 1.0 (previously known as SunOS 4.X) and the SUNWscpu package contains the mail(1b) command which the BSM audit_warn(1M) relies on.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7
  • Solaris 8 without patch 116610-01
  • Solaris 9 without patch 116247-01

x86 Platform

  • Solaris 7
  • Solaris 8 without patch 116611-01
  • Solaris 9 without patch 116248-01

This issue only affects BSM enabled systems which do not have the SUNWscpu package installed.

To determine if a system has BSM enabled, the following line will appear in the "/etc/system" file: 

    $ grep c2audit /etc/system
set c2audit:audit_load = 1

To determine if the SUNWscpu package is installed on a system, the pkginfo(1) command will display output similar to the following: 

    $ pkginfo SUNWscpu
system  SUNWscpu  Source Compatibility, (Usr)

Symptoms

There are no reliable symptoms that would show the described issue has occurred on a system.


Workaround

Sites which have removed the SUNWscpu package could edit the audit_warn(1M) script by hand to change all occurrences of mail(1b) to mailx(1).

For example, change all lines which reference /usr/ucb/mail: 

    /usr/ucb/mail -s "$SUBJECT" audit_warn
To:
    /usr/bin/mailx:
/usr/bin/mailx -s "$SUBJECT" audit_warn

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116610-01 or later
  • Solaris 9 with patch 116247-01 or later

x86 Platform

  • Solaris 8 with patch 116611-01 or later
  • Solaris 9 with patch 116248-01 or later

Note: Sites using Solaris 7 will need to upgrade to Solaris 8 or Solaris 9 and apply the relevant patches.



Modification History

References
 116247-01

 116610-01

 116611-01

 116248-01



                                                                                             


Attachments
This solution has no attachment