Solaris Loopback FileSystem Lets Local Users Move or Rename Read-only Files
|
|
SecurityTracker Alert ID: 1017582 |
|
SecurityTracker URL: http://securitytracker.com/id/1017582
|
|
CVE Reference:
CVE-2007-0668
(Links to External Site)
|
Updated: Feb 2 2007
|
Original Entry Date: Feb 2 2007
|
Impact:
Denial of service via local system, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 10
|
Description:
A vulnerability was reported in the Solaris Loopback FileSystem. A local user can move or rename read-only files, causing denial of service conditions.
A local user within a non-global zone can move or rename files on a read-only mounted loopback file system. If the filesystem is shared with the global zone, the files can be moved, renamed, or removed from the global zone.
This can cause denial of service conditions for the non-global zone and the global zone.
Only systems that have non-global zones configured with the read-only LOFS root filesystem using the root filesystem of the global zone as the underlying filesystem are affected.
Solaris 8 and 9 are not affected.
|
Impact:
A local user within a non-global zone can move or rename files on a read-only mounted loopback file system, causing denial of service conditions.
|
Solution:
Sun has issued the following fixes.
SPARC Platform
* Solaris 10 with patch 118833-28 or later
x86 Platform
* Solaris 10 with patch 118855-28 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1 (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
