Note: This is an archival copy of Security Sun Alert 267148 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020912.1. |
Category Security Release Phase Resolved 6810281 Product Solaris Cluster 3.2 Date of Resolved Release 22-Sep-2009 A security vulnerability in the Solaris Cluster 3.2 configuration utility (see clsetup(1CL)): 1. Impact A security vulnerability in the Solaris Cluster 3.2 configuration utility (see clsetup(1CL)) may allow local unprivileged users to gain elevated privileges and potentially execute arbitrary commands with the privileges of the root user. Sun acknowledges with thanks, Martin Carpenter from Citco (www.citco.com) for bringing this issue to our attention. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform
Note 2: Sun Cluster 3.2 is not supported on Solaris 9 x86 platform.
3. SymptomsThere are no predictable symptoms to indicate that the described issue has been exploited to gain elevated privileges on the affected host. 4. Workaround There is no workaround for this issue. Please see the "Resolution" section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. References126105-34126106-34 126107-34 Attachments This solution has no attachment |
|