BID:12605

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

Info

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

Bugtraq ID:	12605
Class:	Design Error
CVE:	CVE-2004-0481
Remote:	No
Local:	Yes
Published:	Feb 21 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery of this vulnerability is credited to iDEFENSE Labs.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0

Not Vulnerable:

Discussion

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

An arbitrary file corruption vulnerability is reported to exist in the kcms_configure utility. This issue is due to a design error that may allow an attacker to specify a file to be written to by a set user ID 'root' script that is included in the affected software.

An attacker may exploit this vulnerability to corrupt arbitrary files leading to a denial of service or potentially an escalation of privileges.

Exploit / POC

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

Solution:
Sun has released an alert (57706), an updates to address this vulnerability.

Sun Solaris 7.0_x86

Sun 107339-04
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107339&re v=04

Sun Solaris 9_x86

Sun 114637-03
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114637&re v=03

Sun Solaris 7.0

Sun 107337-04
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=107337&re v=04

Sun Solaris 8_x86

Sun 111401-03
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=111401&re v=03

Sun Solaris 8_sparc

Sun 111400-03
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=111400&re v=03

Sun Solaris 9

Sun 114636-03
http://classic.sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114636&re v=03

References

Sun Solaris KCMS_Configure Arbitrary File Corruption Vulnerability

References:

Sun Alert ID: 57706 (Sun)
Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability (iDEFENSE)
iDEFENSE Security Advisory 02.23.05: Sun Solaris kcms_configure Arbitrary File ("iDEFENSE Labs" )