Note: This is an archival copy of Security Sun Alert 228557 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1017451.1.

Category: Security
Release Phase: Resolved
Solaris 10 Operating System
Bug Id: 6467033
Date of Resolved Release: 11-OCT-2006

Impact

A security vulnerability in the Netscape Portable Runtime (NSPR) API may allow a local unprivileged user to overwrite or create any file on the system, which could lead to privilege escalation or a Denial of Service (DoS).

Additional information regarding this issue is available at:

Sun acknowledges, with thanks, iDefense (http://www.idefense.com) for bringing this issue to our attention. iDefense credits an anonymous researcher working with the iDefense Vulnerability Contributor Program for the discovery of this issue.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform

Note: Solaris 8 and Solaris 9 are not impacted by this issue. However, third party software may use NSPR. This third party software would need to be setuid to be vulnerable. Please contact your vendor.

Symptoms

There are no predictable symptoms that would show the described issue has been exploited, as it depends on which file is overwritten or created.

Workaround

There is no workaround. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform

Note: Solaris 8 and Solaris 9 are not impacted by this issue. However, you can download the following patches to fix potential third party software vulnerabilities.

SPARC Platform
x86 Platform
Linux Platform
HP-UX Platform

Note: NSPR is not available for Solaris 8 on the x86 platform.

References: 119213-10, 119214-10

Attachments: This solution has no attachment