Category
Security
Release Phase
Resolved
Product
Solaris PC NetLink 2.0
Bug Id
6215629
Date of Resolved Release
23-DEC-2005
Impact
A security vulnerability in the "/opt/lanman/sbin/slsmgr" command in PC NetLink 2.0 may allow files to be opened insecurely, which could allow an unprivileged local user to write to the filesystem with the permissions of the user running "slsmgr". If "slsmgr" is run as "root", a local unprivileged user may be able to gain elevated privileges on the system and run arbitrary commands.
Contributing Factors
This issue can occur in the following release:
SPARC Platform
- PC NetLink 2.0 (for Solaris 7, 8 and 9) without patch 121209-01
Notes:
- Solaris for x86 is not affected by this issue.
- Solaris 10 is not affected by this issue.
- PC NetLink 1.0, 1.1 and 1.2 are not affected by this issue.
To determine the version of PC NetLink on a system, the following command can be run:
$ /opt/lanman/bin/net version
Solaris (TM) PC NetLink, Version 2.0,REV=2.0.xx
UNIX Systems Server
To determine if the SUNWlzag package (for slsmgr) is installed on a system, the following command can be run:
$ pkginfo -l SUNWlzag
PKGINST: SUNWlzag
NAME: Solaris (TM) PC NetLink Adm GUI
CATEGORY: system
ARCH: sparc
VERSION: 2.0,REV=rr24
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: Solaris (TM) PC NetLink Administration Java GUI components
Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
Workaround
There is no workaround for this issue. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following release:
SPARC Platform
- PC NetLink 2.0 (for Solaris 7, 8 and 9) with patch 121209-01 or later
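The checks from "Contributing Factors" and "Resolution" can be combined into one host classification. The script below is an added example, not part of the original advisory or Sun's tooling; it works on captured command output, and its use of "showrev -p" to list installed patches, the function names and the sample inputs are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify a host against this advisory from captured output of
#   /opt/lanman/bin/net version ; pkginfo -l SUNWlzag ; showrev -p
# (showrev -p is this example's assumption; the advisory does not name it).
# The Solaris 10 exemption in the advisory's notes is not checked here.

FIX_PATCH=121209   # patch id from the advisory
FIX_REV=1          # lowest fixed revision (-01)

# Return 0 if text $1 contains a line matching extended regex $2.
has_line() { printf '%s\n' "$1" | grep -E "$2" >/dev/null; }

# Return 0 if any "Patch: 121209-NN" line in $1 has NN >= FIX_REV.
has_fix_patch() {
    printf '%s\n' "$1" | awk -v id="$FIX_PATCH" -v min="$FIX_REV" '
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == id && p[2] + 0 >= min) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Print: not-affected | slsmgr-not-installed | patched | vulnerable
assess() {
    has_line "$1" 'PC NetLink, Version 2\.0,' || { echo not-affected; return; }
    has_line "$2" 'PKGINST:[[:space:]]*SUNWlzag' || { echo slsmgr-not-installed; return; }
    has_line "$2" 'ARCH:[[:space:]]*sparc' || { echo not-affected; return; }
    if has_fix_patch "$3"; then echo patched; else echo vulnerable; fi
}

# Constructed sample inputs (not captured from a real system).
NET_OUT='Solaris (TM) PC NetLink, Version 2.0,REV=2.0.xx'
PKG_OUT='   PKGINST:  SUNWlzag
      ARCH:  sparc
   VERSION:  2.0,REV=rr24'
# 999999-01 and SUNWexmpl are made-up placeholders.
REV_OLD='Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexmpl'
REV_NEW="$REV_OLD
Patch: 121209-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWlzag"

assess "$NET_OUT" "$PKG_OUT" "$REV_OLD"
assess "$NET_OUT" "$PKG_OUT" "$REV_NEW"
```

On a live host, pass the real output of the three commands to assess in place of the sample variables.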
References
121209-01
Attachments
This solution has no attachment