Solaris pfexec command contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local unprivileged user with a custom rights profile has an invalid entry for that custom rights profile in the execution profiles database exec_attr(4). The modification of the exec_attr(4) file requires "root" privileges. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.
Classification
Location:
Local Access Required
Attack Type:
Authentication Management
Impact:
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Technical
A local unprivileged user with a custom rights profile (see profiles(1)) may be able to execute a profile command with greater privileges than originally assigned, if the execution profiles database (exec_attr(4)) contains an invalid entry for that custom rights profile.
Solution
Upgrade to versions indicated by vendor, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
SPARC Platform
Solaris 8 with patch 109007-15
Solaris 9 with patch 116237-01
x86 Platform
Solaris 8 with patch 109008-15
Solaris 9 with patch 116238-01
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
