SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Sun Solaris Default RBAC Configuration May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1016726
SecurityTracker URL:  http://securitytracker.com/id/1016726
CVE Reference:   CVE-2006-4306, CVE-2006-4307   (Links to External Site)
Updated:  Jun 5 2008
Original Entry Date:  Aug 22 2006
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8, 9
Description:   A vulnerability was reported in Sun Solaris in the default Role-Based Access Control (RBAC) configuration. A local user may be able to execute arbitrary commands with root privileges.

The default RBAC configuration associated with the "File System Management" profile is unsafe. A local user who has been assigned that profile may be able to execute arbitrary commands with root privileges. The local user may also be able to write to device files associated with local disks with root privileges.

Solaris 10 is not affected.

Impact:   A local user may be able to execute arbitrary commands with root privileges.
Solution:   Sun has issued the following fixes.

SPARC Platform

* Solaris 8 with patch 108975-10 or later
* Solaris 9 with patch 113072-08 or later

x86 Platform

* Solaris 8 with patch 108976-10 or later
* Solaris 9 with patch 114423-07 or later

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1 (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC