SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Sun Solaris modload() May Grant Root Access to Local Users
SecurityTracker Alert ID:  1008833
SecurityTracker URL:  http://securitytracker.com/id/1008833
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Mar 24 2004
Original Entry Date:  Jan 23 2004
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Solaris 7, 8, and 9
Description:   A vulnerability was reported in Sun Solaris. A local user may be able to gain root access on the system.

Sun reported an unspecified flaw in modload(). A local user can reportedly load arbitrary kernel modules to potentially gain root access on the system.

Dave Aitel of Immunity Research reported that there is a directory traversal flaw in the vfs_getvfssw() kernel function. A local user can reportedly load a user-specified kernel module via the mount() or sysfs() system calls.

Solaris 7, 8, and 9 are affected. Sun indicated that Solaris 2.6 was not evaluated to determine if it was affected or not, but Immunity Research indicates that 2.6 is indeed affected.

The Immunity advisory is available at:

http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf

Impact:   A local user may be able to gain root privileges on the target system.
Solution:   Sun has issued the following fixes:

SPARC Platform

* Solaris 7 with patch 106541-29 or later
* Solaris 8 with patch 108528-27 or later
* Solaris 9 with patch 112233-11 or later

x86 Platform

* Solaris 7 with patch 106542-29 or later
* Solaris 8 with patch 108529-27 or later
* Solaris 9 with patch 112234-11 or later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479 (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57479

57479 	  	Security Vulnerability With Loading Arbitrary Kernel Modules in Solaris 
Kernel 	  	22 Jan 2004

Sun reported that a local user can load arbitrary kernel modules to potentially gain root 
access on the system.

Solaris 7, 8, and 9 are affected.

Sun has issued the following fixes:

SPARC Platform

     * Solaris 7 with patch 106541-29 or later
     * Solaris 8 with patch 108528-27 or later
     * Solaris 9 with patch 112233-11 or later

x86 Platform

     * Solaris 7 with patch 106542-29 or later
     * Solaris 8 with patch 108529-27 or later
     * Solaris 9 with patch 112234-11 or later

-----

     * Sun Alert ID: 57479
     * Synopsis: Security Vulnerability With Loading Arbitrary Kernel Modules in Solaris 
Kernel
     * Category: Security
     * Product: Solaris
     * BugIDs: 4729683
     * Avoidance: Patch
     * State: Resolved
     * Date Released: 22-Jan-2004
     * Date Closed: 22-Jan-2004
     * Date Modified:

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC