SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Solaris Loopback FileSystem Lets Local Users Move or Rename Read-only Files
SecurityTracker Alert ID:  1017582
SecurityTracker URL:  http://securitytracker.com/id/1017582
CVE Reference:   CVE-2007-0668   (Links to External Site)
Updated:  Feb 2 2007
Original Entry Date:  Feb 2 2007
Impact:   Denial of service via local system, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10
Description:   A vulnerability was reported in the Solaris Loopback FileSystem. A local user can move or rename read-only files, causing denial of service conditions.

A local user within a non-global zone can move or rename files on a read-only mounted loopback file system. If the filesystem is shared with the global zone, the files can be moved, renamed, or removed from the global zone.

This can cause denial of service conditions for the non-global zone and the global zone.

Only systems that have non-global zones configured with the read-only LOFS root filesystem using the root filesystem of the global zone as the underlying filesystem are affected.

Solaris 8 and 9 are not affected.

Impact:   A local user within a non-global zone can move or rename files on a read-only mounted loopback file system, causing denial of service conditions.
Solution:   Sun has issued the following fixes.

SPARC Platform

* Solaris 10 with patch 118833-28 or later

x86 Platform

* Solaris 10 with patch 118855-28 or later

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC