Note: This is an archival copy of Security Sun Alert 201792 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001330.1.

Category: Security
Release Phase: Resolved
Solaris 9 Operating System
Solaris 8 Operating System
Bug Id: 4952456
Date of Resolved Release: 09-JAN-2006

Impact

Security vulnerabilities in the uucp(1C) and uustat(1C) utilities may allow local unprivileged users to execute arbitrary commands with the privileges of the "uucp" user (user ID 5 by default).

The uustat(1C) issue is also referenced here:

Sun acknowledges, with thanks, iDefense Labs and Angelo Rosiello (http://www.rosiello.org/) for bringing the uustat(1C) issue to our attention.

Contributing Factors

These issues can occur in the following releases:

SPARC Platform

x86 Platform

Note: Solaris 10 is not impacted by these issues. Solaris 7 will not be evaluated regarding a potential impact of the issues described in this Sun Alert document.

Symptoms

There are no reliable symptoms that would indicate the described issues have been exploited.

Workaround

To work around the described issues, remove the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries as follows:

    # chmod u-s /usr/bin/uucp
    # chmod u-s /usr/bin/uustat

Note: Removing the "set-user-ID" bit from the uucp(1C) and uustat(1C) binaries will prevent unprivileged users from using the uucp(1C) and uustat(1C) commands to access calling devices (such as modems).

Resolution

These issues are addressed in the following releases:

SPARC Platform

x86 Platform

References

111570-04
111571-04
113322-03
115880-02

Attachments

This solution has no attachment
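
The following audit script is an added example, not part of the original Sun Alert. It checks whether the Workaround has been applied (set-user-ID bit removed from uucp and uustat) or whether one of the patch IDs listed under References is recorded at that revision or later. Assumptions: a POSIX shell and awk (on Solaris 8/9, /usr/xpg4/bin/sh and nawk), patch data in the "Patch: ID-REV ..." line format printed by showrev -p, and that any one of the four listed patches covers the host, since the per-platform patch mapping is not preserved on this page. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host against Sun Alert 201792.

# Patch IDs and minimum revisions as listed in the advisory's References field.
FIXED_PATCHES="111570-04 111571-04 113322-03 115880-02"

# has_setuid FILE: succeed if FILE exists and still has the set-user-ID bit.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# patch_satisfied ID-REV: read "Patch: ID-REV ..." lines on stdin and succeed
# if the same patch ID is recorded at revision REV or later.
patch_satisfied() {
    want_id=${1%-*}
    want_rev=${1#*-}
    awk -v id="$want_id" -v rev="$want_rev" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == id && p[2] + 0 >= rev + 0) found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# audit BINDIR PATCHFILE: print findings; return 1 when a binary is still
# set-user-ID and none of the fixed patches is recorded (assumed: any one of
# the listed patches is sufficient for the host it applies to).
audit() {
    bindir=$1
    patchfile=$2
    exposed=0
    patched=0
    for p in $FIXED_PATCHES; do
        if patch_satisfied "$p" < "$patchfile"; then
            echo "patch $p or later installed"
            patched=1
        fi
    done
    for b in uucp uustat; do
        if has_setuid "$bindir/$b"; then
            echo "$bindir/$b: set-user-ID bit present"
            [ "$patched" -eq 1 ] || exposed=1
        fi
    done
    return "$exposed"
}

# On a live host: showrev -p > /tmp/patches.txt; audit /usr/bin /tmp/patches.txt
```

A non-zero return from audit means the host has neither the workaround nor a listed patch in place.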