Note: This is an archival copy of Security Sun Alert 201480 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001107.1.
Category: Security
Release Phase: Resolved
Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
Bug Id: 4892265
Date of Resolved Release: 15-APR-2005

Impact
Unprivileged local users may be able to overwrite or create any file on the system if a root user runs Python.

For more information on this issue, see the following:
Red Hat Advisory RHSA-2002:202-35 located at:
CVE CAN-2002-1119 located at:

Note: Python is an interpreted, interactive, object-oriented programming language.

Contributing Factors
This issue can occur in the following releases:
Sun Linux Platform
Sun Cobalt Platform
The Python package version can be determined by running the following command:

    # rpm -qa | grep -i python
    python-1.5.2-14

Symptoms
There are no predictable symptoms that would indicate the above described issue has been exploited.

Workaround
Until patches can be applied, sites may wish to remove executable and all other permissions from Python.

The following command can be used to remove the permissions:

    # chmod 000 /usr/bin/python /usr/bin/python1.5

The following command can be used to restore the permissions:

    # chmod 755 /usr/bin/python /usr/bin/python1.5

Resolution
This issue is addressed in the following releases:
Sun Linux Platform
Sun Linux patches are available at:
Sun Cobalt Platform
Qube3, RaQ4, RaQXTR, and RaQ550 patches are available at:

Modification History
Date: 19-AUG-2003
Date: 29-AUG-2003

Attachments
This solution has no attachment