Note: This is an archival copy of Security Sun Alert 201754 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001294.1.
Article ID : 1001294.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-01-30
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in Solaris ld.so.1(1) may Lead to Execution of Arbitrary Code with Elevated Privileges



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6487273, 6487284

Date of Workaround Release
12-DEC-2006

Date of Resolved Release
31-JAN-2007

Impact

Two security vulnerabilities in Solaris ld.so.1(1) may allow a local unprivileged user to execute arbitrary code with elevated privileges.

Sun acknowledges with thanks, iDefense (http://www.idefense.com), for bringing these issues to our attention.

More information regarding these issues is available from the following iDefense advisories:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=449

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=450


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 109147-42
  • Solaris 9 without patch 112963-27
  • Solaris 10 without patch 124922-01

x86 Platform

  • Solaris 8 without patch 109148-41
  • Solaris 9 without patch 113986-22
  • Solaris 10 without patch 124923-01

Symptoms

There are no predictable symptoms that would indicate these issues have been exploited.


Workaround

There is no workaround for these issues. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 109147-42 or later
  • Solaris 9 with patch 112963-27 or later
  • Solaris 10 with patch 124922-01 or later

x86 Platform

  • Solaris 8 with patch 109148-41 or later
  • Solaris 9 with patch 113986-22 or later
  • Solaris 10 with patch 124923-01 or later


Modification History
Date: 31-JAN-2007

31-Jan-2007:

  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

124922-01
124923-01
109147-42
112963-27
109148-41
109148-41




Attachments
This solution has no attachment