Note: This is an archival copy of Security Sun Alert 261408 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020599.1.
Article ID : 1020599.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Lightweight Availability Collection Tool May Allow Unprivileged User to Overwrite Files



Category
Security

Release Phase
Resolved

Bug Id
6839596

Product
Lightweight Availability Collection Tool 3.0

Date of Resolved Release
02-Jul-2009

Security Vulnerability in Lightweight Availability Collection Tool ... (see below)

1. Impact

A race condition security vulnerability in the Lightweight Availability Collection Tool may allow a local unprivileged user to overwrite arbitrary files on the system.

Sun acknowledges with thanks, Mike Gerdts for bringing this issue to our attention.


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Lightweight Availability Collection Tool 3.0 (for Solaris 7, 8, 9 and 10)

x86 Platform

  • Lightweight Availability Collection Tool 3.0 (for Solaris 9 and 10)

3. Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.


4. Workaround

There are no workarounds for these issue. Please see the resolution section below.


4. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Lightweight Availability Collection Tool 3.1 or later (for Solaris 7, 8, 9 and 10)

x86 Platform

  • Lightweight Availability Collection Tool 3.1 or later (for Solaris 9 and 10)

The latest version of Lightweight Availability Collection Tool containing the fix can be downloaded from:
http://www.sun.com/service/stb/



For more information on Security Sun Alerts, see








Attachments

This solution has no attachment