Sun Solaris '/usr/ucb/ps' May Disclose Sensitive Information to Local Users
|
|
SecurityTracker Alert ID: 1015833 |
|
SecurityTracker URL: http://securitytracker.com/id/1015833
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Mar 28 2006
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8, 9
|
Description:
A vulnerability was reported in Sun Solaris in the 'ps' utility. A local user may be able to view potentially sensitive information.
A local user may be able to exploit '/usr/ucb/ps' with the '-e' switch to view environment variables and their contents for processes of other users.
The '/usr/bin/ps' utility is not affected.
|
Impact:
A local user may be able to view environment variables and their contents for processes of other users.
|
Solution:
Sun has issued a fix.
SPARC Platform
* Solaris 8 with patch 109023-05 or later
* Solaris 9 with patch 120240-01 or later
x86 Platform
* Solaris 8 with patch 109024-05 or later
* Solaris 9 with patch 120239-01 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 27 Mar 2006 22:22:44 -0500
Subject: Security Vulnerability With The "/usr/ucb/ps" Command
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102215-1
|
|
