Note: This is an archival copy of Security Sun Alert 228411 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017352.1.
Article ID : 1017352.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-12-09
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Issue Involving the tcsh(1) ls-F builtin on Solaris 8



Category
Security

Release Phase
Resolved

Product
Solaris 8 Operating System

Bug Id
4599390

Date of Resolved Release
22-DEC-2003

Impact

A local unprivileged user may be able to create or remove files or gain privileges of another user, possibly root, if the tcsh(1) builtin command ls-F is used. The files created or removed and privileges possibly gained would depend on the privileges and user-ID of the process that executed the tcsh(1) ls-F builtin command.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 110943-02

x86 Platform

  • Solaris 8 without patch 110944-02

Note: Solaris 7 and Solaris 9 are not affected by this issue.


Symptoms

There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized elevated privileges to a host.


Workaround

To prevent this issue from occurring, do not use the tcsh(1) ls-F builtin directly, and avoid any tcsh(1) functionality that uses the ls-F builtin, such as filename completion (done by typing "^D").


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 110943-02 or later

x86 Platform

  • Solaris 8 with patch 110944-02 or later
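
One way to check a host against the patch levels listed above, as an added example that is not part of the original Sun Alert: it parses showrev -p output and reports whether the fixed revision for the platform is installed. The function names and the sample patch list are constructed for illustration, and the script assumes uname -p reports sparc or i386.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. Avoids $( ) and other post-Bourne
# syntax so it also runs under the Solaris 8 /bin/sh.
# Fixed levels are the advisory's: 110943-02 (SPARC), 110944-02 (x86).

# Map `uname -p` output to the patch ID for that platform.
patch_base_for() {
    case "$1" in
        sparc) echo 110943 ;;
        i386)  echo 110944 ;;
        *)     return 1 ;;
    esac
}

# Read `showrev -p` text on stdin; print the highest installed revision of
# patch $1 without leading zeros, or nothing if the patch is absent.
highest_rev() {
    sed -n "s/^Patch: $1-0*\([0-9][0-9]*\).*/\1/p" | sort -n | sed -n '$p'
}

# Read `showrev -p` text on stdin for platform $1.
# Prints fixed / vulnerable / unknown-arch and returns 0 / 1 / 2.
tcsh_lsf_status() {
    base=`patch_base_for "$1"` || { echo unknown-arch; return 2; }
    rev=`highest_rev "$base"`
    if [ -n "$rev" ] && [ "$rev" -ge 2 ]; then
        echo fixed
        return 0
    fi
    echo vulnerable
    return 1
}

# Constructed sample of `showrev -p` output (patch 999999 and the package
# names are placeholders, not real identifiers).
SAMPLE_SHOWREV='Patch: 999999-05 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample
Patch: 110943-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample'

# On a live Solaris 8 host, check the real patch list; elsewhere, show the sample.
if [ "`uname -sr`" = "SunOS 5.8" ]; then
    showrev -p | tcsh_lsf_status "`uname -p`"
else
    status=`echo "$SAMPLE_SHOWREV" | tcsh_lsf_status sparc` || :
    echo "sample host: $status"
fi
```

The check looks only at the two patch IDs named in this alert; a host at revision -01, or with the other platform's patch, is reported as vulnerable.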


Modification History

References

110943-02
110944-02



