Sun Solaris lpadmin Lets Local Users Overwrite Arbitrary Files
SecurityTracker Alert ID: 1014218 |
SecurityTracker URL: http://securitytracker.com/id/1014218
CVE Reference:
CVE-2005-2032
Updated: Jul 17 2008
Original Entry Date: Jun 16 2005
Impact:
Modification of authentication information, Modification of system information, Modification of user information, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in lpadmin on Sun Solaris. A local user can modify files on the system.
A local user can exploit the lpadmin(1M) utility to cause arbitrary files on the target system to be overwritten. A local user can create a symbolic link (symlink) from a critical file on the system to a printer. Then, the local user can invoke lpadmin to create the printer, causing the symlinked file to be overwritten.
Impact:
A local user can overwrite arbitrary files on the target system.
Solution:
The vendor has issued the following fixes.
Sparc Platform
* Solaris 7 with patch 107115-18 or later
* Solaris 8 with patch 109320-14 or later
* Solaris 9 with patch 113329-07 or later
x86 Platform
* Solaris 7 with patch 107116-18 or later
* Solaris 8 with patch 109321-14 or later
* Solaris 9 with patch 114980-09 or later
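The fix table above can be checked against a host's installed patch list. The script below is an added example, not part of the SecurityTracker entry or the Sun Alert; it assumes the patch list arrives on stdin in `showrev -p` form (`Patch: <id> ...` per line) and that `uname -r` / `uname -p` report `5.7`-`5.9` and `sparc` / `i386`. The helper name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare installed patch revisions with the advisory's fix table.
# Columns: `uname -r` release, `uname -p` architecture, minimum fixed patch.
FIXES='5.7 sparc 107115-18
5.8 sparc 109320-14
5.9 sparc 113329-07
5.7 i386 107116-18
5.8 i386 109321-14
5.9 i386 114980-09'

# Constructed sample of `showrev -p` output (package names are made up).
SAMPLE='Patch: 109320-09 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 109320-16 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

# lpadmin_fix_status RELEASE ARCH   (hypothetical helper; patch list on stdin)
# Prints "patched <installed-id>", "vulnerable <needed-id>" or "unknown".
# Returns 0, 1 or 2 respectively. Only "Patch:" ids with the same base number
# are considered; patches that obsolete the listed one are not followed.
lpadmin_fix_status() {
    need=$(printf '%s\n' "$FIXES" |
        awk -v r="$1" -v a="$2" '($1 "") == (r "") && $2 == a { print $3 }')
    [ -n "$need" ] || { echo "unknown"; return 2; }
    awk -v need="$need" '
        BEGIN { split(need, n, "-"); best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == n[1] && p[2] + 0 > best) { best = p[2] + 0; id = $2 }
        }
        END {
            if (best >= n[2] + 0) { print "patched " id; exit 0 }
            print "vulnerable " need; exit 1
        }'
}

# On a Solaris host: showrev -p | lpadmin_fix_status "$(uname -r)" "$(uname -p)"
printf '%s\n' "$SAMPLE" | lpadmin_fix_status 5.8 sparc   # prints: patched 109320-16
```

A result of `unknown` means the release and architecture pair is not one of the six rows in the fix table.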
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-101768-1
Cause:
Access control error, State error
Underlying OS:
UNIX (Solaris - SunOS)
Message History:
None.
Source Message Contents
Date: Thu, 16 Jun 2005 03:21:20 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101768-1
# Sun Alert ID: 101768
# Synopsis: Security Vulnerability in the lpadmin(1M) Utility
# Category: Security
# Product: Solaris 9 Operating System, Solaris 7 Operating System, Solaris 8 Operating System
# BugIDs: 4706351
# Avoidance: Patch
# State: Resolved
# Date Released: 15-Jun-2005
# Date Closed: 15-Jun-2005
# Date Modified: