Title: Solaris chkperm Buffer Overflow Vulnerability
Severity: MODERATE
Description:
A buffer overrun exists in the 'chkperm' program, as included by Sun in its version of AT&T's FACE (Framed Access Command Environment). By supplying a well crafted buffer of executable code to the -n option to the chkperm executable, it may be possible to execute arbitrary commands as root.
It has been publicly reported that this vulnerability is unexploitable by conventional means, under both Sparc and X86 versions of Solaris. This does not mean, necessarily, that the possibility of an exploit existing now, or in the future, is 0. The safest course of action is still to repair the problem, either by acquiring a patch from the vendor, or by removing the setuid and setgid bits from the chkperm binary.
Affected Products:
- Sun Solaris 2.3
- Sun Solaris 2.4
- Sun Solaris 2.4_x86
- Sun Solaris 2.5
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1_ppc
- Sun Solaris 2.5.1_x86
- Sun Solaris 2.5_x86
- Sun Solaris 2.6
- Sun Solaris 2.6 HW3/98
- Sun Solaris 2.6 HW5/98
- Sun Solaris 2.6_x86
- Sun Solaris 2.6_x86HW3/98
- Sun Solaris 2.6_x86HW5/98
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
References:
- Sun Microsystems: Sun Patch Access Page
- Sun Microsystems: Sun Patches List
- Sun Microsystems: Sunsolve Online(tm)
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
