Sun Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to escalate their privileges. The vulnerability is caused by an unspecified problem when LDAP and RBAC (Role Based Access Control) is used together. This can be exploited to execute certain commands with root privileges.
d8107da6eaef0edb6088236b4f57984ff0c9fbff6dcf5bf35a59bee26c3f5de2
<html>
<head>
<title>SunSolve Printer Friendly Page</title>
<LINK REL="Stylesheet" TYPE="text/css" TITLE="Sunstyle" HREF="/style.css">
<script language="JavaScript" src="/s_code_remote.js">
</head>
<body>
<script language="JavaScript">
<!--
var s_pageName=document.title;
var s_channel="CDS Print-Friendly page"
//--></script>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td nowrap="" width="3%" valign="top"><b>Document ID:</b></td><td valign="top" align="left">57657</td></tr><tr><td nowrap="" width="3%" valign="top"><b>Title:</b></td><td valign="top" align="left">Document ID 57657</td></tr><tr><td nowrap="" width="3%" valign="top"><b>Synopsis:</b></td><td valign="top" align="left">Security Vulnerability When Using LDAP In Conjunction With RBAC </td></tr><tr><td nowrap="" width="3%" valign="top"><b>Update Date:</b></td><td valign="top" align="left">2004-10-18</td></tr></table><hr><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr bgcolor="#999999"><td><font color="#ffffff" size="2"><b>Description</b></font></td><td align="right"><b><a href="#top"><font color="#ffffff" size="2">Top</font></a></b></td></tr></table><b>
Sun(sm) Alert Notification
</b><ul><li>
Sun Alert ID: 57657
</li><li>
Synopsis: Security Vulnerability When Using LDAP In Conjunction With RBAC
</li><li>
Category: Security
</li><li>
Product: Solaris
</li><li>
BugIDs: 4966423
</li><li>
Avoidance: Patch, Workaround
</li><li>
State: Resolved
</li><li>
Date Released: 18-Oct-2004
</li><li>
Date Closed: 18-Oct-2004
</li><li>
Date Modified:
</li></ul><b>
1. Impact
</b>
On systems where Lightweight Directory Access Protocol (LDAP, see ldap(1)) is used in conjunction with Role Based Access Control (RBAC, see rbac(5)), unprivileged local users may have the ability to execute certain commands with "superuser" (root) privileges.
<p></p><b>
2. Contributing Factors
</b>
This issue can occur in the following releases:
<p></p>
<b>SPARC Platform</b>
<p></p><ul><li>
Solaris 8 without patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-108993-38-1">108993-38</a>
</li><li>
Solaris 9 without patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-112960-17-1">112960-17</a>
</li></ul>
<b>x86 Platform</b>
<p></p><ul><li>
Solaris 8 without patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-108994-38-1">108994-38</a>
</li><li>
Solaris 9 without patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-114328-04-1">114328-04</a>
</li></ul>
<b>Notes:</b>
<p></p><ol><li>
Systems are only impacted when using LDAP in conjunction with RBAC .
</li><li>
Solaris 7 is not affected by this issue.
</li></ol>
This configuration can be determined by the RBAC related entries in the "/etc/nsswitch.conf" file, which will contain lines with one or more of the following type of entries:
<p></p><pre> auth_attr: ldap files
prof_attr: ldap files
user_attr: ldap files </pre><b>
3. Symptoms
</b>
There are no predictable symptoms that would indicate the described issue has been exploited.
<p></p>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr bgcolor="#999999"><td><font color="#ffffff" size="2"><b>Solution Summary</b></font></td><td align="right"><b><a href="#top"><font color="#ffffff" size="2">Top</font></a></b></td></tr></table><b>
4. Relief/Workaround
</b>
To work around the described issue, configure the system to use "local" files instead of LDAP for RBAC configuration. RBAC related entries in the "/etc/nsswitch.conf" file should be modified as follows:
<p></p><pre> auth_attr: files
prof_attr: files
user_attr: files </pre>
<b>Note:</b> With this workaround, LDAP functionality will be disabled for the RBAC database and all RBAC related data will be queried from "local" files instead of through LDAP.
<p></p><b>
5. Resolution
</b>
This issue is addressed in the following releases:
<p></p>
<b>SPARC Platform</b>
<p></p><ul><li>
Solaris 8 with patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-108993-38-1">108993-38</a> or later
</li><li>
Solaris 9 with patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-112960-17-1">112960-17</a> or later
</li></ul>
<b>x86 Platform</b>
<p></p><ul><li>
Solaris 8 with patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-108994-38-1">108994-38</a> or later
</li><li>
Solaris 9 with patch <a href="/search/document.do?assetkey=urn:cds:docid:1-21-114328-04-1">114328-04</a> or later
</li></ul>
<i>This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use.
This Sun Alert notification may only be used for the purposes contemplated by these agreements.</i>
<p></p>
<i>Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.</i>
<p></p>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td width="25%" valign="top" bgcolor="#999999"><font size="2" color="#ffffff"><b>Applies To</b></font></td><td width="75%" valign="top" bgcolor="#cccccc"><font size="2">
</font></td></tr></table><p></p><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td width="25%" valign="top" bgcolor="#999999"><font size="2" color="#ffffff"><b>Attachments</b></font></td><td width="75%" valign="top" bgcolor="#cccccc"><font size="2"> </font></td></tr></table><p></p>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed