Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4705891
Date of Resolved Release16-JAN-2003
Impact
A local unprivileged user may be able to gain unauthorized root privileges due to a buffer overflow involving the Solaris "/usr/lib/utmp_update" command.
Contributing Factors
This issue can occur in the following releases:
SPARC
-
Solaris 2.6 without patch 113754-01
-
Solaris 7 without patch 113752-01
-
Solaris 8 without patch 113650-01
-
Solaris 9 without patch 113718-01
Intel
-
Solaris 2.6 without patch 113755-01
-
Solaris 7 without patch 113753-01
-
Solaris 8 without patch 113651-01
-
Solaris 9 without patch 113996-01
Note: Solaris 2.5.1 will not be evaluated for potential impact for the described issue contained in this Sun Alert document.
Symptoms
There are no predictable symptoms that would show the described issue has been exploited to gain unauthorized root access to a system.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC
-
Solaris 2.6 with patch 113754-01 or later
-
Solaris 7 with patch 113752-01 or later
-
Solaris 8 with patch 113650-01 or later
-
Solaris 9 with patch 113718-01 or later
Intel
-
Solaris 2.6 with patch 113755-01 or later
-
Solaris 7 with patch 113753-01 or later
-
Solaris 8 with patch 113651-01 or later
-
Solaris 9 with patch 113996-01 or later
Modification History
References
113754-01
113752-01
113650-01
113718-01
113755-01
113753-01
113651-01
113996-01
AttachmentsThis solution has no attachment