Sun Solaris Default RBAC Configuration May Let Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1016726
|
SecurityTracker URL: http://securitytracker.com/id?1016726
|
CVE Reference: CVE-2006-4306, CVE-2006-4307
|
Updated: Jun 5 2008
|
Original Entry Date: Aug 22 2006
|
Impact: Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 8, 9
|
Description: A vulnerability was reported in Sun Solaris in the default Role-Based Access Control (RBAC) configuration. A local user may be able to execute arbitrary commands with root privileges.
The default RBAC configuration associated with the "File System Management" profile is unsafe. A local user who has been assigned that profile may be able to execute arbitrary commands with root privileges. The local user may also be able to write to device files associated with local disks with root privileges.
Solaris 10 is not affected.
|
Impact: A local user may be able to execute arbitrary commands with root privileges.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 8 with patch 108975-10 or later
* Solaris 9 with patch 113072-08 or later
x86 Platform
* Solaris 8 with patch 108976-10 or later
* Solaris 9 with patch 114423-07 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1
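A quick way to check a Solaris 8 or 9 host for this exposure is to list who holds the "File System Management" profile and to compare the installed patch revision against the fixed level above. The script below is an added example, not code from Sun or SecurityTracker; the function names fsm_accounts and patched are hypothetical, the sample records are constructed, and it assumes the user_attr(4) field layout and `showrev -p` style "Patch:" lines.

```shell
# Added example (not from the advisory). Sample data is constructed; on a real
# Solaris 8/9 host feed the functions /etc/user_attr and the output of `showrev -p`.

# Print accounts holding the profile directly, and users who can assume such a role.
fsm_accounts() {   # usage: fsm_accounts < /etc/user_attr
    awk -F: -v want="File System Management" '
    /^#/ || NF < 5 { next }
    {
        attr = $5; for (k = 6; k <= NF; k++) attr = attr ":" $k
        n = split(attr, kv, ";")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1); val = substr(kv[i], eq + 1)
            if (key == "roles") roles[$1] = val
            if (key != "profiles") continue
            m = split(val, p, ",")
            for (j = 1; j <= m; j++) if (p[j] == want) direct[$1] = 1
        }
    }
    END {
        for (a in direct) print a, "direct"
        for (u in roles) {
            m = split(roles[u], r, ",")
            for (j = 1; j <= m; j++) if (r[j] in direct) print u, "via-role:" r[j]
        }
    }' | sort
}

# Succeed if the patch list on stdin has the same patch base at revision >= $1.
patched() {   # usage: showrev -p | patched 108975-10
    awk -v min="$1" 'BEGIN { split(min, m, "-") }
    $1 == "Patch:" { split($2, p, "-"); if (p[1] == m[1] && p[2] + 0 >= m[2] + 0) ok = 1 }
    END { exit !ok }'
}

SAMPLE_USER_ATTR='# constructed sample in user_attr(4) format
root::::type=normal;auths=solaris.*,solaris.grant;profiles=All
fsadmin::::type=role;profiles=File System Management
alice::::type=normal;roles=fsadmin
bob::::type=normal;profiles=Printer Management,File System Management
carol::::type=normal;profiles=Printer Management'
# Constructed patch list: an earlier revision of 108975 and a placeholder patch ID.
SAMPLE_SHOWREV='Patch: 108975-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

printf '%s\n' "$SAMPLE_USER_ATTR" | fsm_accounts
printf '%s\n' "$SAMPLE_SHOWREV" | patched 108975-10 && echo "fixed" || echo "108975-10 or later NOT installed"
```

Any account the first function reports on a host that fails the patch check is one to review before the fix is applied.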
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1
|
Cause: Configuration error
|
Underlying OS: UNIX (Solaris - SunOS)
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 22 Aug 2006 02:22:38 -0400
Subject: Security Vulnerability May Allow Users With the
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1