Category
Security
Release Phase
Resolved
Bug Id
6620661
ProductSolaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release30-May-2008
A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code
1. Impact
A race condition security vulnerability in the Solaris crontab(1)
utility may allow a local unprivileged user to inject arbitrary
cron(1M) jobs into another local user's crontab file, leading to
execution of arbitrary code with the privileges of that user. This
condition may also be exploited to inject arbitrary entries into the
root user's crontab file under certain circumstances, thereby allowing
the local unprivileged user to execute arbitrary code with the
privileges of the root user.
Sun acknowledges with thanks, Charles Morris of Old Dominion University
for discovering and reporting this issue.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 109007-26
- Solaris 9 without patch 122300-27
- Solaris 10 without patch 137017-02
- OpenSolaris based upon builds snv_01 through snv_91
x86 Platform
- Solaris 8 without patch 109008-26
- Solaris 9 without patch 122301-27
- Solaris 10 without patch 137018-02
- OpenSolaris based upon builds snv_01 through snv_91
Only OpenSolaris installations including the following affected
binaries are impacted by this issue:
/usr/bin/crontab
/usr/xpg4/bin/crontab
/usr/xpg6/bin/crontab
OpenSolaris distributions may include additional bug fixes above
and beyond the base build from which it was derived. The base build can
be derived as follows:
$ uname -a
SunOS phys-node-1 5.11 snv_86 i86pc i386 i86pc
3. Symptoms
There are no predictable symptoms that would indicate the described
issue has been exploited to execute arbitrary code.
4. Workaround
There is no workaround for this issue. Please see the Resolution
section below.
5. Resolution
SPARC Platform
- Solaris 8 with patch 109007-26 or later
- Solaris 9 with patch 122300-27 or later
- Solaris 10 with patch 137017-02 or later
- OpenSolaris based upon builds snv_92 or later
x86 Platform
- Solaris 8 with patch 109008-26 or later
- Solaris 9 with patch 122301-27 or later
- Solaris 10 with patch 137018-02 or later
- OpenSolaris based upon builds snv_92 or later
For more information
on Security Sun Alerts, see 1009886.1.
This Sun Alert
notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun
Microsystems,
Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Modification History
07-Aug-2008: Updated Impact section for clarification
References
109007-26
109008-26
122300-27
122301-27
137017-02
137018-02
AttachmentsThis solution has no attachment