Note: This is an archival copy of Security Sun Alert 201349 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001022.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System Bug Id 6473508 Date of Resolved Release 10-JUL-2007 Impact A security vulnerability in the way the rcp(1) command invokes helper applications may allow a local unprivileged user (or a remote user in the case of shared filesystems) to create files with specially crafted file names which could lead to the execution of arbitrary commands with the privileges of a local user when that local user executes the rcp(1) command on the specially crafted file names. Note: The scp(1) utility is also affected by this issue which is described in the following documents: CVE-2006-0225 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225 Sun Alert 102961 Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Symptoms There are no predictable symptoms that would indicate the described issue has been exploited to execute arbitrary commands. Workaround This issue will only occur if the rcp(1) command is executed on files that have specially crafted file names. Therefore, it may be possible to work around this issue by avoiding the use of the rcp(1) command on untrusted file names, for example, in directories that are writable by untrusted users. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
References114716-05114717-05 121132-03 125794-02 110670-04 110671-04 114669-04 114670-04 Attachments This solution has no attachment |
|