Note: This is an archival copy of Security Sun Alert 201325 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000999.1.
Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 2.6 Operating System, Solaris 7 Operating System, Solaris 8 Operating System
Bug Id: 4776480
Date of Workaround Release: 30-JAN-2003
Date of Resolved Release: 31-MAR-2003

Impact
A local unprivileged user may be able to remove any file on the system due to a security vulnerability in the at(1) command.

Sun acknowledges with thanks Wojciech Purczynski of iSEC Security Research for bringing this issue to our attention. This issue is described in an iSEC Security Research advisory (see http://isec.pl/vulnerabilities/isec-0008-sun-at.txt).

Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform

Notes:
Solaris 2.5.1 will not be evaluated regarding a potential impact of the issue described in this Sun Alert document.

The Solaris 8 cron/at patches 109007-09 and 109008-09 require the libbsm/c2audit patches 108875-13 and 108876-13 respectively for the correct functioning of the crontab(1) command. Future revisions of the Solaris 8 cron/at patches will contain the libbsm/c2audit binaries and will not require the installation of the libbsm/c2audit patches.

Symptoms
There are no predictable symptoms that would show the described issue has been exploited, as it depends on what file or files were deleted.
Workaround
To work around the described issue, the set-user-ID bit can be removed from the at(1) command. However, once the set-user-ID bit is removed, the "at" command will no longer function. As root, do the following:

    # chmod u-s /usr/bin/at
Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform

Modification History
Date: 31-MAR-2003

References
114135-01
114136-01
108319-03
108320-03
109007-09
109008-09
105181-34
105182-34

Attachments
This solution has no attachment.
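As an added example that is not part of the Sun Alert, the POSIX shell helpers below check the two states this advisory cares about: whether the set-user-ID bit has been removed from a given at(1) binary (the Workaround), and whether a saved copy of 'showrev -p' output shows the Solaris 8 SPARC cron/at patch 109007-09 together with its libbsm/c2audit prerequisite 108875-13 (the Notes). The function names, the assumed 'showrev -p' line layout and the sample listings are my own constructions, not Sun's.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert: helpers for the two checks this
# advisory implies, the at(1) workaround and the patch state from 'showrev -p'.

# 0 when PATH no longer carries the set-user-ID bit (workaround applied).
at_setuid_cleared() {
    [ ! -u "$1" ]
}

# Highest installed revision of patch BASE in FILE, a saved 'showrev -p'
# listing (lines look like "Patch: 109007-09 Obsoletes: ... Packages: ...").
# Prints nothing when the patch is absent.
installed_rev() {
    sed -n "s/^Patch: $1-\([0-9][0-9]*\) .*/\1/p" "$2" | sort -n | tail -1
}

# 0 when patch BASE is installed at revision MINREV or later.
patch_installed() {
    rev=$(installed_rev "$1" "$3")
    [ -n "$rev" ] && [ "$rev" -ge "$2" ]
}

# Solaris 8 SPARC case from the Notes: cron/at patch 109007-09 also needs
# libbsm/c2audit patch 108875-13, otherwise crontab(1) stops working.
# Returns 0 (fixed), 1 (cron/at patch missing), 2 (libbsm patch missing).
solaris8_sparc_status() {
    if ! patch_installed 109007 9 "$1"; then
        echo "cron/at patch 109007-09 not installed"; return 1
    fi
    if ! patch_installed 108875 13 "$1"; then
        echo "109007-09 installed without libbsm 108875-13: crontab(1) may fail"; return 2
    fi
    echo "ok"
}

# Constructed 'showrev -p' samples (not from a real host): a fixed host and one
# that applied the cron/at patch but not the libbsm/c2audit prerequisite.
SAMPLE_FIXED=$(mktemp); SAMPLE_PARTIAL=$(mktemp)
cat > "$SAMPLE_FIXED" <<'EOF'
Patch: 108875-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 108875-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109007-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
cat > "$SAMPLE_PARTIAL" <<'EOF'
Patch: 108875-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 109007-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
solaris8_sparc_status "$SAMPLE_FIXED"                 # prints "ok"
solaris8_sparc_status "$SAMPLE_PARTIAL" || true       # reports the missing libbsm patch
```

On a real Solaris 8 host, run `showrev -p > /tmp/patches.txt` and pass that file to solaris8_sparc_status, and call `at_setuid_cleared /usr/bin/at` to confirm the workaround; the x86 pair 109008-09/108876-13 from the Notes can be checked the same way with patch_installed.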