Sun StorADE Unsafe File Permissions Let Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1016215 |
|
SecurityTracker URL: http://securitytracker.com/id/1016215
|
|
CVE Reference:
CVE-2006-2790
(Links to External Site)
|
Updated: May 22 2009
|
Original Entry Date: Jun 2 2006
|
Impact:
Execution of arbitrary code via local system, Root access via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2.4
|
Description:
A vulnerability was reported in Sun Storage Automated Diagnostic Environment (StorADE). A local user can gain elevated privileges.
The SUNWstadm package components of the Sun StorADE software does not properly set file and directory permissions. A local user may be able to execute arbitrary code with the privileges of another user, including the root user.
|
Impact:
A local user can execute arbitrary code with the privileges of another user, including root.
|
Solution:
The vendor has issued the following fix.
Storage Automated Diagnostic Environment (StorADE) 2.4 (for Solaris 8, 9 and 10) with patch 117654-60 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102305-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102305-1 (Links to External Site)
|
Cause:
Configuration error
|
Underlying OS:
UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 2 Jun 2006 16:10:15 -0400
Subject: Security Vulnerability With Sun StorADE Version 2.4 Installation
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102305-1
|
|
