Note: This is an archival copy of Security Sun Alert 201656 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001233.1.
Article ID : 1001233.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-01-11
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Solaris 8 DHCP Administration Utilities



Category
Security

Release Phase
Resolved

Product
Solaris 8 Operating System

Bug Id
4646306

Date of Resolved Release
19-JAN-2005

Impact

A security vulnerability in the DHCP administration utilities dhcpconfig(1M), pntadm(1M), and dhcpmgr(1M) may allow an unprivileged local user to execute arbitrary code with the privileges of root.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 with patch 109077-02 through 109077-08 and without patch 109077-09

x86 Platform

  • Solaris 8 with patch 109078-02 through 109078-08 and without patch 109078-09

Note: Solaris 7 and Solaris 9 are not affected by this issue.

A system is only vulnerable to this issue if the DHCP server packages have been installed.

To determine if the DHCP server packages have been installed, the following command can be run:

    $ pkginfo SUNWdhcm SUNWdhcsu

Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


Workaround

To work around the described issue, edit each of the following files:

    /usr/lib/inet/dhcp/svcadm/pntadm
    /usr/lib/inet/dhcp/svcadm/dhcpconfig
    /usr/sadm/admin/bin/dhcpmgr

and modify the following line:

From:

    LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${WBEMDIR}

To:

    LD_LIBRARY_PATH=${WBEMDIR}
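
The workaround above expressed as a script. This is an example added to this copy, not part of the original Sun Alert: it reports which of the three wrapper scripts still contain the assignment that inherits the caller's LD_LIBRARY_PATH and, when run with the argument fix, rewrites that line after saving a copy. The function names and the .orig/.new suffixes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and apply the Sun Alert workaround to the DHCP wrappers.
# Function names and the .orig/.new suffixes are choices made for this example.

# The three wrapper scripts named in the advisory.
WRAPPERS="/usr/lib/inet/dhcp/svcadm/pntadm
/usr/lib/inet/dhcp/svcadm/dhcpconfig
/usr/sadm/admin/bin/dhcpmgr"

# Basic regular expression for the line that keeps the caller's LD_LIBRARY_PATH.
# Single quotes stop the shell expanding the variables; \$ is a literal dollar.
VULN_RE='LD_LIBRARY_PATH=\${LD_LIBRARY_PATH}:\${WBEMDIR}'

# Return 0 if the file still contains the unmodified assignment.
is_vulnerable() {
    grep "$VULN_RE" "$1" >/dev/null 2>&1
}

# Rewrite the assignment, keeping a backup copy beside the file.
apply_workaround() {
    f=$1
    is_vulnerable "$f" || return 0      # already edited, nothing to do
    cp -p "$f" "$f.orig" || return 1
    sed 's/'"$VULN_RE"'/LD_LIBRARY_PATH=${WBEMDIR}/' "$f.orig" > "$f.new" || return 1
    # Write into the existing file so its owner and mode are preserved.
    cat "$f.new" > "$f" && rm -f "$f.new"
}

# Report the state of each wrapper; with "fix" as argument, also apply the edit.
audit_wrappers() {
    for w in $WRAPPERS; do
        if [ ! -f "$w" ]; then
            echo "absent:     $w"
        elif is_vulnerable "$w"; then
            echo "VULNERABLE: $w"
            if [ "$1" = "fix" ]; then
                apply_workaround "$w" && echo "fixed:      $w"
            fi
        else
            echo "ok:         $w"
        fi
    done
    return 0
}

# No argument: report only. Argument "fix": apply the workaround (run as root).
audit_wrappers "$1"
```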

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 109077-09 or later

x86 Platform

  • Solaris 8 with patch 109078-09 or later


Modification History

References

109077-09
109078-09



