Category
Security
Release Phase
Resolved
Bug Id
6867559, 6849135
Product
Solaris 10 Operating System
Date of Resolved Release
23-Sep-2009
Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE) ...
1. Impact
Security Vulnerabilities in Solaris Trusted Extensions Common Desktop Environment (CDE)
may allow an unprivileged local user to easily execute arbitrary commands with root privileges
or to bypass Mandatory Access Control (MAC) policy.
2. Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 126365-15 and 139620-01
x86 Platform
- Solaris 10 without patch 126366-15 and 139621-01
Note 1: Solaris 8 and Solaris 9 and OpenSolaris are not impacted by
these issues. Releases prior to Solaris 10 11/06 do not include Solaris
Trusted Extensions and so are not vulnerable to these issues.
Note 2: These issues only impact Solaris 10 and OpenSolaris systems
which have installed and configured Solaris Trusted Extensions. To
determine if a system is configured with Trusted Extensions, the
following command can be run in the global zone:
$ svcs /system/labeld
STATE STIME FMRI
online 10:02:34 svc:/system/labeld:default
If the state is disabled or if the "/system/labeld" service is not listed,
then the system is not configured to use Trusted Extensions.
3. Symptoms
There are no predictable symptoms that would indicate the described
issues have been exploited.
4. Relief/Workaround
There is no workaround for these issues. Please see Resolution below.
5. Resolution
These issues are resolved in the following releases:
SPARC Platform
- Solaris 10 with patch 126365-15 and 139620-01 or later
x86 Platform
- Solaris 10 with patch 126366-15 and 139621-01 or later
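The Trusted Extensions check from Note 2 and the patch levels listed above can be combined into one exposure check. This is an added example, not part of the original Sun Alert; it assumes patch levels are read from `showrev -p` output and the architecture from `uname -p`, and the sample data and package name in it are constructed.

```shell
#!/bin/sh
# Added example (not vendor code). Works on captured output; on a live host:
#   svcs /system/labeld > svcs.out 2>/dev/null; showrev -p > showrev.out
#   assess "$(uname -p)" svcs.out showrev.out

# Reads svcs output on stdin; succeeds unless labeld is unlisted or "disabled".
te_configured() {
    awk '$3 ~ /^svc:\/system\/labeld/ && $1 != "disabled" { f = 1 }
         END { exit !f }'
}

# patch_at_least ID REV: succeeds if `showrev -p` output on stdin lists patch
# ID at revision REV or later. Does not follow "Obsoletes:" chains.
patch_at_least() {
    awk -v id="$1" -v min="$2" '
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == id && p[2] + 0 >= min + 0) ok = 1 }
        END { exit !ok }'
}

# assess ARCH SVCS_FILE SHOWREV_FILE -> not-configured | patched | vulnerable
assess() {
    arch=$1; svcs_out=$2; showrev_out=$3
    te_configured < "$svcs_out" || { echo not-configured; return 0; }
    case $arch in
        sparc) set -- 126365 15 139620 01 ;;
        i386)  set -- 126366 15 139621 01 ;;
        *)     echo "unknown arch: $arch" >&2; return 2 ;;
    esac
    if patch_at_least "$1" "$2" < "$showrev_out" &&
       patch_at_least "$3" "$4" < "$showrev_out"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample data: labeld online, one SPARC patch below the fixed revision.
tmp=$(mktemp -d)
printf '%s\n' 'STATE STIME FMRI' \
    'online 10:02:34 svc:/system/labeld:default' > "$tmp/svcs.out"
printf '%s\n' 'Patch: 126365-14 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkg' \
    'Patch: 139620-01 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkg' \
    > "$tmp/showrev.out"
assess sparc "$tmp/svcs.out" "$tmp/showrev.out"   # prints: vulnerable
rm -rf "$tmp"
```

A "patched" result requires both patches for the platform; a single patch at the fixed revision is still reported as vulnerable.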
For more information on Security Sun Alerts, see .
References
SUNPATCH:126365-15
SUNPATCH:126366-15
SUNPATCH:139620-01
SUNPATCH:139621-01