Note: This is an archival copy of Security Sun Alert 228423 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017359.1.
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
There is a potential buffer overflow in ping(1M) which could result in a local unprivileged user gaining elevated privileges.
This issue can occur in the following releases:
There are no predictable symptoms that would show the described issue has been exploited.
To reduce the chances of the described issue from occurring, apply one of the following workarounds:
1. Remove the "set-user-ID" bit from the ping(1M) binary by issuing the following command:
# chmod u-s /usr/sbin/ping
Note: Removing the "set-user-ID" bit from the ping(1M) utility will prevent unprivileged users from using the ping(1M) command.
2. Enable non-executable program stacks by adding the following lines to the "/etc/system" file and reboot the system:
set noexec_user_stack = 1 set noexec_user_stack_log = 1
The above tunable parameters are described in the Solaris Tunable Parameters Reference Manual at: http://docs.sun.com.
Note: Although enabling non-executable user stacks makes the likelihood of a successful exploit much smaller, it does not provide 100 percent against exploitation of this vulnerability.
This workaround is only effective on sun4u, sun4m, and sun4d architectures (enter "uname -m" to display a systems architecture). This workaround will not work on x86 platforms.
This issue is addressed in the following releases:
This solution has no attachment