Sun Solaris libpkcs11 May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1015987
SecurityTracker URL: http://securitytracker.com/id?1015987
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 25 2006
Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Sun Alert
Version(s): 10
Description: A vulnerability was reported in Sun Solaris libpkcs11. A local user may be able to obtain elevated privileges on the target system.
When a privileged application links to the Sun libpkcs11(3LIB) library and invokes the getpwnam(3C) function or related functions
to access password entries, the function may overwrite thread-specific data. A local user may be able to cause arbitrary code to
be executed with the privileges of the target application.
Solaris 8 and 9 are not affected.
Impact: A local user may be able to obtain elevated privileges on the target system. The specific impact, if any, depends on the application using the libpkcs11 library.
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 10 with patch 118918-14 or later [Global]
* Solaris 10 with patch 118562-09 or later [Restricted]
x86 Platform
* Solaris 10 with patch 118919-12 or later [Global]
* Solaris 10 with patch 118563-07 or later [Restricted]
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102316-1
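To verify a Solaris 10 host against the patch levels listed above, the following added example (not part of the Sun or SecurityTracker advisory) parses `showrev -p` output. It assumes that either the Global or the Restricted patch at its minimum revision counts as fixed; the function names and sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check `showrev -p` output against the advisory's patch levels.
# On Solaris 10 set AWK=nawk (or /usr/xpg4/bin/awk); legacy /usr/bin/awk lacks -v.
AWK=${AWK:-awk}

# Minimum fixed revisions from the advisory, keyed by the `uname -p` value.
# Assumption: either line (Global or Restricted) at its minimum counts as fixed.
min_patches_for() {
    case "$1" in
        sparc) echo "118918-14 118562-09" ;;
        i386)  echo "118919-12 118563-07" ;;
        *)     return 1 ;;
    esac
}

# Usage on a host: showrev -p | libpkcs11_patch_status "$(uname -p)"
# Prints "fixed <patch>" (exit 0), "vulnerable" (exit 1) or "unknown-arch" (exit 2).
# A later patch that obsoletes these IDs is not recognised by this check.
libpkcs11_patch_status() {
    mins=$(min_patches_for "$1") || { echo "unknown-arch"; return 2; }
    "$AWK" -v mins="$mins" '
        BEGIN {
            n = split(mins, m, " ")
            for (i = 1; i <= n; i++) { split(m[i], p, "-"); need[p[1]] = p[2] + 0 }
        }
        $1 == "Patch:" {
            split($2, p, "-")
            if ((p[1] in need) && p[2] + 0 >= need[p[1]]) hit = $2
        }
        END { if (hit == "") { print "vulnerable"; exit 1 } print "fixed " hit }
    '
}

# Constructed sample listings (package names are placeholders).
SAMPLE_OLD='Patch: 118918-13 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'
SAMPLE_NEW='Patch: 118562-09 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

printf '%s\n' "$SAMPLE_OLD" | libpkcs11_patch_status sparc || true
printf '%s\n' "$SAMPLE_NEW" | libpkcs11_patch_status sparc
```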
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102316-1
Cause: Access control error
Underlying OS: UNIX (Solaris - SunOS)
Message History:
None.
Source Message Contents
Date: Mon, 24 Apr 2006 23:42:41 -0400
Subject: Privileged Applications Linked to libpkcs11(3LIB) Which Obtain Password Entries Using getpwnam(3C) May Fail or Possibly Grant Elevated Privileges to Local Users
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102316-1