SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   utmp_update Vendors:   Sun
Sun Solaris Operating System /usr/lib/utmp_update Buffer Overflow May Give Local Users Root Privileges
SecurityTracker Alert ID:  1005935
SecurityTracker URL:  http://securitytracker.com/id/1005935
CVE Reference:   CVE-2003-1082   (Links to External Site)
Updated:  Jun 15 2008
Original Entry Date:  Jan 17 2003
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Solaris 2.6, 7, 8, and 9
Description:   A buffer overflow vulnerability was reported in the Sun Solaris operating system in /usr/lib/utmp_update. A local user may be able to obtain root privileges on the system.

It is reported that the buffer overflow resides in the in load_utmpx_struct() function in utmp_update.c. A local user can trigger the overflow to execute arbitrary code with root privileges. No further details were provided.

Sun reports that Solaris 2.6, 7, 8, and 9 are affected, but that Solaris 2.5.1 was not and will not be evaluated to determine if it is vulnerable.

Impact:   A local user can execute arbitrary code with root privileges to gain root access on the system.
Solution:   Sun has released the following patches:

SPARC

* Solaris 2.6 with patch 113754-01 or later
* Solaris 7 with patch 113752-01 or later
* Solaris 8 with patch 113650-01 or later
* Solaris 9 with patch 113718-01 or later

Intel

* Solaris 2.6 with patch 113755-01 or later
* Solaris 7 with patch 113753-01 or later
* Solaris 8 with patch 113651-01 or later
* Solaris 9 with patch 113996-01 or later

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50008 (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  Sun Alert 50008 /usr/lib/utmp_update bug


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50008

Sun issued an alert warning of a buffer overflow in the Solaris /usr/lib/utmp_update command.  A
local user may be able to obtain root level privileges on the system.
 
The buffer overflow reportedly resides in the in load_utmpx_struct() function in utmp_update.c.

Solaris 2.6, 7, 8, and 9 are affected.

Sun reports that Solaris 2.5.1 was not and will not be evaluated to determine if it is vulnerable.

Sun has released the following patches:

SPARC

    * Solaris 2.6 with patch 113754-01 or later
    * Solaris 7 with patch 113752-01 or later
    * Solaris 8 with patch 113650-01 or later
    * Solaris 9 with patch 113718-01 or later

Intel

    * Solaris 2.6 with patch 113755-01 or later
    * Solaris 7 with patch 113753-01 or later
    * Solaris 8 with patch 113651-01 or later
    * Solaris 9 with patch 113996-01 or later


-----

    * Sun Alert ID: 50008
    * Synopsis: Security Vulnerability with the Solaris "/usr/lib/utmp_update" Command
    * Category: Security
    * Product: Solaris
    * BugIDs: 4705891
    * Avoidance: Patch
    * State: Resolved
    * Date Released: 16-Jan-2003
    * Date Closed: 16-Jan-2003
    * Date Modified:


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC