Solaris NFS Kernel Bug Lets Remote Authenticated Users Gain Privileged Access in Certain Cases
|
|
SecurityTracker Alert ID: 1019102
|
|
SecurityTracker URL: http://securitytracker.com/id?1019102
|
|
CVE Reference: CVE-2007-6413
(Links to External Site)
|
Updated: Jan 9 2008
|
Original Entry Date: Dec 14 2007
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 10
|
Description: A vulnerability was reported in Solaris. A remote authenticated user can gain privileged access on the target system.
A remote authenticated root user can gain root access to files on a target system that is configured as a NFS server but does not permit the remote user's system to access shared file systems as a root user.
|
Impact: A remote authenticated user can gain privileged access on the target system.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 10 with patch 127111-05 or later
x86 Platform
*
Solaris 10 with patch 127954-03 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103162-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-103162-1 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 14 Dec 2007 13:29:27 -0500
Subject: Solaris 10 Kernel Patches May Allow Privileged Remote Users to Gain Root Access to Files Shared by NFS Servers
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103162-1
|
|
